Sunday, February 21, 05:28
Home security Caution! QNAP NAS devices vulnerable to ZeroLogon vulnerabilities

Caution! QNAP NAS devices vulnerable to ZeroLogon vulnerabilities

According to a new update QNAP, some Appliances . are vulnerable to the well-known and dangerous Windows vulnerability, ZeroLogon.

ZeroLogon
Caution! QNAP NAS devices vulnerable to ZeroLogon vulnerabilities

QNAP informs its customers that certain NAS Appliances performing specific versions of the QTS operating system, are vulnerable to attacks trying to exploit the critical vulnerability of Windows, ZeroLogon (CVE-2020-1472).

ZeroLogon is a critical vulnerability allowing invaders to obtain domain administrator rights and take control of the entire domain.

Microsoft says that already many state hacking financially motivated groups and criminals, use this vulnerability to carry out attacks.

According to QNAP, this vulnerability, which gives the attacker more privileges in the system, allows the circumvention of security measures via a compromised QTS device on the network.

"NAS devices may be vulnerable to ZeroLogon vulnerability if users have configured the device as domain controller in Control Panel> Network & File Services> Win / Mac / NFS> Microsoft Networking", Says the company.

NAS devices are not commonly used as Windows domain controller. But some organizations do this to allow IT administrators to use certain NAS models for account management. users, authentication, etc.

QNAP NAS
Caution! QNAP NAS devices vulnerable to ZeroLogon vulnerabilities

QNAP offers security updates

QNAP urges its customers to update the QTS operating system immediately on their NAS devices, as well as all installed ones applications, so as not to risk attacks that exploit the Zerologon vulnerability.

According to company, QTS 2.x and QES versions are not affected from vulnerability CVE-2020-1472. Additionally, the vulnerability has been fixed for the following versions:

  • QTS 4.5.1.1456 build 20201015 and later versions
  • QTS 4.4.3.1439 build 20200925 and later versions
  • QTS 4.3.6.1446 build 20200929 and later versions
  • QTS 4.3.4.1463 build 20201006 and later versions
  • QTS 4.3.3.1432 build 20201006 and later versions

Users will be able to install the latest QTS update by downloading it from QNAP Download Center ή automatically following this procedure:

  • Log in to QTS as an administrator.
  • Go to Control Panel> System> Firmware Update.
  • In the Live Update section, click Check for Updates.
  • QTS downloads and installs the latest available update.

According to Bleepingcomputer, to update the applications installed on their NAS devices, users must follow the steps described in detail in company guide.

Some time ago, QNAP fixed two critical bugs in the application Helpdesk that could allow intruders to take control of uninformed NAS devices, and warned of increase of ransomware attacks targeting these devices.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...

What are the 6 most known attacks on gaming companies?

A few days ago, the gaming company Big Huge Games informed the players that it was the victim of an attack, which affected its data ...

Xbox gift cards are sold at a 10% discount on Amazon

Xbox owners can save some money on games, add-ons, subscriptions and more if they buy Xbox gift cards at ...

Perseverance: NASA spacecraft lands on Mars!

The spacecraft "Perseverance" successfully landed yesterday, shortly before 11 pm Greek time on Mars. Aim of this mission of ...

YouTube: You can play 4K videos on devices with low resolution screens

Youtube application on Android allows you to play videos up to 4K resolution. All you need is a phone with ...