What is a Critical Vulnerability
A Critical Vulnerability is an alert declared by Computer Security regarding a vulnerability in an application, operating system or configuration that, because of an increased risk or active exploit, must be patched outside of normal patching cycles. Critical Vulnerabilities often have a very short patching window, from hours to days, and that patching window may be reduced as the risk or threats increase. In most cases, Critical Vulnerabilities are declared for remotely accessible vulnerabilities that require no user interaction. CST continuously scans for Critical Vulnerabilities, and network access is denied for systems not in compliance because of the increased risk their presence poses on the FNAL network.
What to do about a Critical Vulnerability
The following vulnerabilities have been declared to be so severe that mitigation measures are MANDATORY for network connection at Fermilab. Mitigations are in order of preference:
In exceptional circumstances, one can request permission to restrict access to the host machine to a tightly controlled list of inbound connections.
You can also open a ServiceDesk ticket and request that the computer security team perform a Nessus scan.
List of Critical Vulnerabilities