The US Department of Health and Human Services just released an emergency directive to notify the Health and Public Health Sector of significant vulnerabilities identified in Microsoft Windows operating systems. The Cybersecurity and Infrastructure Security Agency (CISA) has determined that the weaknesses pose an unacceptable threat to the Federal enterprise and require immediate action. CISA released an emergency directive addressing the vulnerabilities and requiring all Federal agencies to patch their environments immediately. Some of the vulnerabilities could enable a remote attacker to decrypt, modify, or inject data on user connections.
Given the seriousness of the threat, all Health and Public Health entities are encouraged to strongly consider patching their environments as soon as possible. Although CISA directives are not mandatory for non-governmental organizations, these organizations are encouraged to review and deploy this critical patch.
The following resources can be used for further information:
Microsoft released the following software patch to mitigate these vulnerabilities in supported Windows operating systems:
CISA issued the following directive, including required actions guidance: