Patching can close holes exploited by stolen FireEye tools, according to new report

Laptop patching illustration
Source: kaptnali | Getty Images

Patch management is emerging as a vital tactic for infosec pros dealing with the possible exploitation of their networks following the recent theft of FireEye’s intrusion testing tools.

The so-called Red Team tools used by FireEye to mimic a cyberattack against authorized customers were copied by a threat actor exploiting a vulnerability in the SolarWinds Orion network management suite. According to FireEye, the tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit.

In a blog post Tuesday, researchers from Qualys said they have identified over 7.54 million instances of vulnerable applications related to the FireEye tools across 5.29 million unique assets in their customer base.

However, of that 7.54 million, roughly 99.84 per cent stem from eight vulnerabilities in Microsoft Windows, Office and Exchange Server. Patches for them have been available for some time. They include a patch for the Windows Netlogon vulnerability, which was released Nov. 11.

Qualys list of the top Microsoft vulnerabilities FireEye Red Team tools could take advantage of. Dates of the patches that have been released for all of them are listed.

Qualys also determined that among its customers there are hundreds of vulnerable instances of the SolarWinds Orion platform.

“Based on sheer risk and scale of these vulnerabilities, it is imperative for organizations to quickly assess the state of these vulnerabilities and missing patches across all their assets,” Qualys said.

The FireEye tools can also be used to exploit unpatched vulnerabilities in products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho, and Adobe. FireEye has published this list of vulnerabilities in order of critical priority.
