Cybersecurity and Infrastructure Security Agency, part of the US Department of Homeland Security, doesn’t usually issue emergency orders about specific vulnerabilities.
But it issued one on Friday, ordering government agencies that use Microsoft Windows Active Directory on their networks to patch their domain controllers immediately.
And CISA strongly urged everyone else to follow suit, including state and local governments and industry.
“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” CISA assistant director Bryan Ware said in a statement.