Tuesday, October 27, 17:33

Caution! QNAP NAS devices vulnerable to ZeroLogon vulnerabilities

According to a new update from QNAP, some of its appliances are vulnerable to the well-known and dangerous Windows vulnerability, ZeroLogon.

QNAP is informing its customers that certain NAS appliances running specific versions of the QTS operating system are vulnerable to attacks that try to exploit the critical Windows vulnerability ZeroLogon (CVE-2020-1472).

ZeroLogon is a critical vulnerability that allows attackers to obtain domain administrator rights and take control of the entire domain.

Microsoft says that many state-backed hacking groups and financially motivated criminals are already using this vulnerability to carry out attacks.

According to QNAP, this vulnerability, which gives the attacker elevated privileges on the system, allows security measures to be bypassed via a compromised QTS device on the network.

"NAS devices may be vulnerable to the ZeroLogon vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking," says the company.

NAS devices are not commonly used as Windows domain controllers, but some organizations do this to allow IT administrators to use certain NAS models for user account management, authentication, etc.

QNAP offers security updates

QNAP urges its customers to immediately update the QTS operating system on their NAS devices, as well as all installed applications, so as not to risk attacks that exploit the ZeroLogon vulnerability.

According to the company, QTS 2.x and QES versions are not affected by CVE-2020-1472. Additionally, the vulnerability has been fixed in the following versions:

  • QTS 4.5.1.1456 build 20201015 and later versions
  • QTS 4.4.3.1439 build 20200925 and later versions
  • QTS 4.3.6.1446 build 20200929 and later versions
  • QTS 4.3.4.1463 build 20201006 and later versions
  • QTS 4.3.3.1432 build 20201006 and later versions
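A fleet check against the fixed builds listed above, as an added example that is not QNAP's or the article's own code. It assumes version strings of the form "4.4.3.1439 build 20200925", treats any branch newer than 4.5.1 as a "later version", and reports branches the article does not list as unknown; the inventory is constructed.

```python
import re

# Fixed releases as listed in the article: branch -> (build number, build date).
FIXED = {
    (4, 5, 1): (1456, 20201015),
    (4, 4, 3): (1439, 20200925),
    (4, 3, 6): (1446, 20200929),
    (4, 3, 4): (1463, 20201006),
    (4, 3, 3): (1432, 20201006),
}
VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:\s+build\s+(\d{8}))?\s*$", re.I)

def classify(version: str) -> str:
    """Return 'not-affected', 'fixed', 'update-required' or 'unknown'."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown"                 # unparseable: review by hand
    major, minor, patch, number, date = (
        int(g) if g is not None else None for g in m.groups())
    branch = (major, minor, patch)
    if major == 2:
        return "not-affected"            # article: QTS 2.x is not affected
    if branch > max(FIXED):
        return "fixed"                   # assumption: newer branch = "later version"
    if branch not in FIXED or number is None:
        return "unknown"                 # no fixed build listed, or no build number
    fixed_number, fixed_date = FIXED[branch]
    if number != fixed_number:
        return "fixed" if number > fixed_number else "update-required"
    # Same build number: use the build date as tie-breaker when it was supplied.
    if date is not None and date < fixed_date:
        return "update-required"
    return "fixed"

def audit(inventory: dict) -> dict:
    """Map each host in {host: version string} to its classification."""
    return {host: classify(v) for host, v in inventory.items()}

# Constructed inventory: hostnames and version strings are made up for the example.
SAMPLE = {
    "nas-01": "4.5.1.1456 build 20201015",
    "nas-02": "4.4.3.1400 build 20200817",
    "nas-03": "4.3.5.1000 build 20200101",
    "nas-04": "2.1.0",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as update-required matter most where the NAS has been configured as a domain controller, the condition QNAP names for exposure.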

Users can install the latest QTS update by downloading it from the QNAP Download Center or automatically by following this procedure:

  • Log in to QTS as an administrator.
  • Go to Control Panel > System > Firmware Update.
  • In the Live Update section, click Check for Updates.
  • QTS downloads and installs the latest available update.

According to BleepingComputer, to update the applications installed on their NAS devices, users must follow the steps described in detail in the company's guide.

Some time ago, QNAP fixed two critical bugs in the Helpdesk application that could allow intruders to take control of unpatched NAS devices, and warned of an increase in ransomware attacks targeting these devices.

Digital Fortress, https://www.secnews.gr