CISA Says Agencies Have 10 Days to Patch NSA-Spotted Microsoft Vulnerability

NextGov: Federal agencies have 10 business days to apply security updates to all endpoints affected by 49 vulnerabilities Microsoft identified in a high-profile “patch Tuesday,” under the Cybersecurity and Infrastructure Security Agency directive issued today.

Within that time, federal agencies must have controls in place to ensure new or previously disconnected endpoints are patched before connecting to their networks, according to the directive, which also lays out timelines for agencies to report on their plans. Initial status reports must be made to CISA within the next three business days.

Read article