Threat Watch

Zero-day in SolarWinds’ MSP n-Central Tool Allows Theft of Admin Credentials:

Originally reported to SolarWinds on October 10th, this flaw known as “Dumpster Diver,” allows attackers to gain domain administrator credentials, essentially granting them control over the entire system. Proof-of-concept code to exploit the vulnerability is available. While SolarWinds pushed out a hotfix quite recently, Vice President of Security for SolarWinds, Tim Brown, stated that as of January 24th, there were no known instances where this exploit was used maliciously. Additionally, a mitigation tool can be used in the event that the hotfix cannot be applied.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

The best solution to this vulnerability is to patch with the latest hotfix. However, if patching is not a solution, a mitigation tool has been made available by SolarWinds. As this exploit could expose domain administrator credentials, it is important to have logging and skilled monitoring in place to identify any malicious domain administrator login events. Binary Defense SOC analysts monitor clients’ endpoints 24-hours a day for signs of attacker behaviors on workstations and servers to quickly stop attacks.
https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support