Monday, July 4, 2022

Patching can close holes exploited by stolen FireEye tools, according to new report

Patch management is emerging as a vital tactic for infosec pros for dealing with the possible exploitation of their networks from the recent theft of FireEye’s intrusion testing tools.

The so-called Red Team tools used by FireEye for mimicking a cyberattack against authorized customers were copied by a threat actor exploiting a vulnerability in SolarWinds Orion network management suite. According to FireEye, the tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit.

In a blog Tuesday, researchers from Qualys said they have identified over 7.54 million instances of vulnerable applications related to the FireEye tools across 5.29 million unique assets in their customer base.

However, of that 7.54 million, roughly 99.84 per cent are from eight vulnerabilities in Microsoft Windows, Office and Exchange Server. Patches for them have been available for some time. They include a patch for the Windows Netlogon vulnerability, which was released Nov. 11.

Qualys list of top Microsoft vulnerabilities FireEye Red Team tools could take advantage of. Dates of patches that have been released for all are listed. Click to enlarge.

Qualys also determined that among its customers there are hundreds of vulnerable instances of SolarWinds Orion platform.

“Based on sheer risk and scale of these vulnerabilities, it is imperative for organizations to quickly assess the state of these vulnerabilities and missing patches across all their assets,” Qualys said.

The FireEye tools also can be used to exploit unpatched vulnerabilities in products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho, and Adobe. FireEye has published this list of vulnerabilities in order of critical priority.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.