Pierluigi Paganini
December 24, 2020
Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye.
As a result of the recent SolarWinds supply chain attack, multiple organizations were compromised, including FireEye.
“While the number of vulnerable instances of SolarWinds Orion are in the hundreds, our analysis has identified over 7.54 million vulnerable instances related to FireEye Red Team tools across 5.29 million unique assets, highlighting the scope of the potential attack surface if these tools are misused. Organizations need to move quickly to immediately protect themselves from being exploited by these vulnerabilities.” reads the post published by Qualys.
The experts discovered that the vulnerable instances were associated with nearly 5.3 million unique assets belonging to Qualys’ customers.
About 7.53 million out of 7.54 million vulnerable instances (99.84%) are from the following eight vulnerabilities in Microsoft’s software:
| CVE ID | Release Date | Name | CVSS | Qualys QID(s) |
| CVE-2020-1472 | 08/11/2020 | Microsoft Windows Netlogon Elevation of Privilege Vulnerability | 10 | 91668 |
| CVE-2019-0604 | 02/12/2019 | Microsoft Office and Microsoft Office Services and Web Apps Security Update February 2019 Microsoft SharePoint | 9.8 | 110330 |
| CVE-2019-0708 | 05/14/2019 | Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (Blue. Keep) | 9.8 | 91541, 91534 |
| CVE-2014-1812 | 05/13/2014 | Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) | 9 | 91148, 90951 |
| CVE-2020-0688 | 02/11/2020 | Microsoft Exchange Server Security Update for February 2020 | 8.8 | 50098 |
| CVE-2016-0167 | 04/12/2016 | Microsoft Windows Graphics Component Security Update (MS16-039) | 7.8 | 91204 |
| CVE-2017-11774 | 10/10/2017 | Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2017 | 7.8 | 110306 |
| CVE-2018-8581 | 11/13/2018 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 7.4 | 53018 |
The tools that were stolen from the FireEye’s arsenal also exploit other eight vulnerabilities affecting products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho, and Adobe.
The full list of 16 exploitable vulnerabilities and their patch links is available here.
Qualys released free tools and other resources that can help organizations to address the above vulnerabilities, the company is offering a free service for 60 days, to rapidly address this risk.
This week, security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations.
The list contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, SolarWinds)
[adrotate banner=”5″]
[adrotate banner=”13″]
