
QNAP Issues Patch for Zerologon Vulnerability

Silviu STAHIE

November 02, 2020


QNAP has released a new patch for its devices to address the infamous Zerologon vulnerability, which Microsoft says threat actors are already using in the wild.

An unintended side effect of having a large market share is that it takes a really long time to patch all systems when a nasty vulnerability shows up. Not everyone is quick to apply the latest updates, which leaves many systems vulnerable for years on end.

The Zerologon vulnerability (CVE-2020-1472) will likely rear its ugly head for a long time, since threat actors are already using it in the wild. Hackers know that inherent inertia slows system patching, so they exploit vulnerabilities like Zerologon for as long as possible.

“The Zerologon vulnerability has been reported to affect some versions of QTS,” says QNAP in its advisory.

“If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking.”

As usual, updating the operating system to the latest version is recommended as the only way to fix the problem. Users should also consider updating all installed applications.

QNAP regularly releases updates for its NAS (network-attached storage) systems. Just recently, the company had to deal with a ransomware campaign targeting older versions of QTS. Before that, CISA issued an advisory regarding malware named QSnatch affecting the same NAS devices.
