Threat Watch

QNAP Warns of Zerologon Flaw in Network Attached Storage Devices

Network-attached storage (NAS) device manufacturer QNAP is warning its customers that some NAS devices running vulnerable versions of the QTS operating system are exposed to attacks that exploit the ZeroLogon (CVE-2020-1472) vulnerability. QNAP stated that “If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking.” While NAS devices are not commonly used as a Windows domain controller, some companies may want to use this feature to allow IT personnel to manage user accounts, authentication, and to enforce domain security. Zerologon is a critical Windows vulnerability that allows attackers to gain administrator privileges and to take control of an entire domain. Earlier this month, Microsoft warned that both nation state-backed attackers and financially motivated criminals have already started using Zerologon in their attacks.

ANALYST NOTES

QNAP users are strongly recommended to update their devices to the latest operating system along with all installed apps to defend from Zerologon attacks. QNAP users can either use the manual update feature through using the QNAP download Center or automatically by accessing the control panel and checking for updates. By updating the operating system and installed apps, not only will the user be defending from Zerologon but also two vulnerabilities that QNAP addressed a month ago. Using QNAP NAS devices as Domain Controllers is not recommended, even after applying all the patches.

Source Article: https://www.bleepingcomputer.com/news/security/qnap-warns-of-windows-zerologon-flaw-affecting-some-nas-devices/