Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Pierluigi Paganini December 24, 2020

Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye.

Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye.

As a result of the recent SolarWinds supply chain attack, multiple organizations were compromised, including FireEye.

“While the number of vulnerable instances of SolarWinds Orion are in the hundreds, our analysis has identified over 7.54 million vulnerable instances related to FireEye Red Team tools across 5.29 million unique assets, highlighting the scope of the potential attack surface if these tools are misused. Organizations need to move quickly to immediately protect themselves from being exploited by these vulnerabilities.” reads the post published by Qualys.

The experts discovered that the vulnerable instances were associated with nearly 5.3 million unique assets belonging to Qualys’ customers.

About 7.53 million out of 7.54 million vulnerable instances (99.84%) are from the following eight vulnerabilities in Microsoft’s software:

CVE IDRelease DateNameCVSSQualys QID(s)
CVE-2020-147208/11/2020Microsoft Windows Netlogon Elevation of Privilege Vulnerability1091668
CVE-2019-060402/12/2019Microsoft Office and Microsoft Office Services and Web Apps Security Update February 2019 Microsoft SharePoint9.8110330
CVE-2019-070805/14/2019Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (Blue. Keep)9.891541, 91534
CVE-2014-181205/13/2014Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486)991148, 90951
CVE-2020-068802/11/2020Microsoft Exchange Server Security Update for February 20208.850098
CVE-2016-016704/12/2016Microsoft Windows Graphics Component Security Update (MS16-039)7.891204
CVE-2017-1177410/10/2017Microsoft Office and Microsoft Office Services and Web Apps Security Update October 20177.8110306
CVE-2018-858111/13/2018Microsoft Exchange Server Elevation of Privilege Vulnerability7.453018

The tools that were stolen from the FireEye’s arsenal also exploit other eight vulnerabilities affecting products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho, and Adobe.

The full list of 16 exploitable vulnerabilities and their patch links is available here.

Qualys released free tools and other resources that can help organizations to address the above vulnerabilities, the company is offering a free service for 60 days, to rapidly address this risk. 

This week, security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations.

The list contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment