The Cybersecurity and Infrastructure Security Agency, a federal agency, is advising private businesses using a Microsoft Windows Server to apply a recent security update immediately.
The Cybersecurity and Infrastructure Security Agency (CISA) advises private businesses, like orthodontic practices, that use Microsoft Windows Server in a domain controller role to apply a security update released in August. The update fixes a flaw that could allow an unauthenticated attacker domain administrator access.
The American Dental Association advises practices to work with their technical support resources to make sure this vulnerability is addressed as soon as possible.
Within a Windows Server operating system, a domain controller is a server that responds to security authentication requests, such as a request to log on to the server. According to Microsoft, the current vulnerability affects the mechanism for authenticating user accounts.
CISA is a government agency responsible for safeguarding and security for the federal technology infrastructure. According to an alert from the agency, it only issues emergency directives like this when it assesses it to be necessary.
Though the alert to download the security update is directed at the federal government, the agency is advising the private sector and the American public to apply this security update as soon as possible.
For businesses that cannot immediately apply the update, the CISA urges them to remove relevant domain controllers from their networks.