The security hole isn’t difficult to use. It takes “about three seconds in practice,” according to Secura.

Agencies have to install the patch no later than September 21st.

While the alert is clearly aimed at federal officials, it also serves as a warning for private firms that depend on Windows servers and Active Directory. If an intruder successfully launches this exploit, they’ll effectively have control of the network. They could spread malware, steal data or otherwise cause havoc. Some companies have already suffered major disruptions due to malware this year, and that trend could continue if they don’t protect themselves against flaws like Zerologon in a timely fashion.