December 12th, 2022: CyberHoot has learned of a critical vulnerability in ConnectWise and SonicWall Capture Client (and other EDR products listed below). MSPs are urged to take emergency action to patch their systems ASAP. Evidence has surfaced of exploits in the wild resulting in arbitrary code execution with elevated admin privileges.
“In computer security, a wiper is a class of malware intended to erase (wipe, hence the name) the hard drive of the computer it infects, maliciously deleting data and programs.” Wikipedia
Critical Advisory Alert: Immediate Action Required
The following software solutions were identified and tested by ConnectWise. Additional systems may be at risk. Check your vendor advisory pages to confirm exposures and patch ASAP.
Avast & AVG Antivirus:
ConnectWise Advisory: https://www.connectwise.com/company/trust/advisories
Microsoft Defender Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37971
Avast and AVG Advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4173
Trend Micro Advisory: https://success.trendmicro.com/dcx/s/solution/000291830?language=en_US
SonicWall Capture Client Advisory: https://www.sonicwall.com/support/knowledge-base/capture-client-differences-between-sonicwall-managed-and-self-managed-versions/181114002946980/
Time-of-Check and Time-of-Use Definition: https://cwe.mitre.org/data/definitions/367.html
SonicWall Aikido Advisory: https://www.sonicwall.com/support/knowledge-base/aikido-exploit-and-its-impact-on-sonicwall-capture-client/221213114338960/
BlackHat SafeBreach Announcement: Aikido Vulnerability https://i.blackhat.com/EU-22/Wednesday-Briefings/EU-22-Yair-Aikido-Turning-EDRs-to-Malicious-Wipers.pdf