Daily Tech News, Interviews, Reviews and Updates

New Netwrix Auditor Bug can allow Attackers to execute arbitrary code

Security
By Pavan Naidu
Image courtesy:Armstrong

Researchers have found details about a security vulnerability in the Netwrix Auditor application that, if exploited can lead to arbitrary code execution on affected devices.

“Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain,” Bishop Fox said in an advisory published this week.

The auditor is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console.

Netwrix, the company behind the software, has claimed more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King’s College Hospital, and Credissimo, among others.

According to Hacker News, the flaw, which impacts all supported versions prior to 10.5, has been described as an insecure object deserialization, which takes place when untrusted user-controllable data is parsed to inflict remote code execution attacks.

The root cause of the bug is an unsecured .NET remoting service that’s accessible on TCP port 9004 on the Netwrix server, enabling an actor to execute arbitrary commands on the server.

“Since the command was executed with NT AUTHORITY\SYSTEM privileges, exploiting this issue would allow an attacker to fully compromise the Netwrix server,” Bishop Fox’s Jordan Parkin said as per Hacker News.

UPDATE FROM Netwrix

Upon receiving the vulnerability report from Jordan Parkin of Bishop Fox, the Netwrix development team worked diligently to remediate it. On June 6, 2022, Netwrix released Netwrix Auditor 10.5 which included a fix for this vulnerability, and published a security advisory to its customers advising them of the risk and the need to upgrade. Netwrix thanks Mr. Parkin for his collaboration and coordinated disclosure of this vulnerability. Customers requiring assistance deploying Netwrix Auditor 10.5 should contact the support team via the customer web portal or by phone in the US at +1.888.638.9749.

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
Pavan Naidu 292 posts

A second-year student pursuing journalism and communication. A media enthusiast who has a strong grip on communication and content writing. I am a quick learner with creative skills who can easily adapt to dynamic work environments.

You might also like
Crypto

WazirX Suffers $230 Million Cyberattack, Launches Bounty Programs for Recovery

Crypto

Major Security Breach At WazirX: $230 Million In Crypto Stolen by Hackers

Security

Call Records and Text From Nearly All Customers Were Hacked Through A Cloud Service:…

Security

Airtel Denies Data Breach Claims, Calls Allegations a Desperate Attempt to Tarnish…

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More