Zero-day in SolarWinds’ MSP n-Central Tool Allows Theft of Admin Credentials - Binary Defense

Threat Watch


Originally reported to SolarWinds on October 10th, this flaw, known as “Dumpster Diver,” allows attackers to gain domain administrator credentials, essentially granting them control over the entire system. Proof-of-concept code to exploit the vulnerability is available. SolarWinds pushed out a hotfix quite recently, and Tim Brown, Vice President of Security for SolarWinds, stated that as of January 24th there were no known instances where this exploit was used maliciously. A mitigation tool can also be used in the event that the hotfix cannot be applied.

ANALYST NOTES

The best solution to this vulnerability is to patch with the latest hotfix. However, if patching is not an option, a mitigation tool has been made available by SolarWinds. As this exploit could expose domain administrator credentials, it is important to have logging and skilled monitoring in place to identify any malicious domain administrator login events. Binary Defense SOC analysts monitor clients’ endpoints 24 hours a day for signs of attacker behaviors on workstations and servers to quickly stop attacks.

Source: https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs
