Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye.

Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye.

As a result of the recent SolarWinds supply chain attack, multiple organizations were compromised, including FireEye.

“While the number of vulnerable instances of SolarWinds Orion are in the hundreds, our analysis has identified over 7.54 million vulnerable instances related to FireEye Red Team tools across 5.29 million unique assets, highlighting the scope of the potential attack surface if these tools are misused. Organizations need to move quickly to immediately protect themselves from being exploited by these vulnerabilities.” reads the post published by Qualys.

The experts discovered that the vulnerable instances were associated with nearly 5.3 million unique assets belonging to Qualys’ customers.

About 7.53 million out of 7.54 million vulnerable instances (99.84%) are from the following eight vulnerabilities in Microsoft’s software:

CVE ID	Release Date	Name	CVSS	Qualys QID(s)
CVE-2020-1472	08/11/2020	Microsoft Windows Netlogon Elevation of Privilege Vulnerability	10	91668
CVE-2019-0604	02/12/2019	Microsoft Office and Microsoft Office Services and Web Apps Security Update February 2019 Microsoft SharePoint	9.8	110330
CVE-2019-0708	05/14/2019	Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (Blue. Keep)	9.8	91541, 91534
CVE-2014-1812	05/13/2014	Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486)	9	91148, 90951
CVE-2020-0688	02/11/2020	Microsoft Exchange Server Security Update for February 2020	8.8	50098
CVE-2016-0167	04/12/2016	Microsoft Windows Graphics Component Security Update (MS16-039)	7.8	91204
CVE-2017-11774	10/10/2017	Microsoft Office and Microsoft Office Services and Web Apps Security Update October 2017	7.8	110306
CVE-2018-8581	11/13/2018	Microsoft Exchange Server Elevation of Privilege Vulnerability	7.4	53018

The tools that were stolen from the FireEye’s arsenal also exploit other eight vulnerabilities affecting products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho, and Adobe.

The full list of 16 exploitable vulnerabilities and their patch links is available here.

Qualys released free tools and other resources that can help organizations to address the above vulnerabilities, the company is offering a free service for 60 days, to rapidly address this risk. 

This week, security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations.

The list contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)

[adrotate banner=”5″]

[adrotate banner=”13″]