According to the new report, holes exploited by stolen FireEye tools can be closed
Patch management is emerging as an important strategy for infosec professionals dealing with the potential exploitation of their networks following the recent theft of FireEye's intrusion testing tools.
The so-called Red Team tools emulated cyber-attacks against customers authorized by FireEye, exploiting vulnerabilities in the SolarWinds Orion network management suite. According to FireEye, the tools range from simple automation scripts to entire frameworks that are similar to publicly available technologies such as Cobalt Strike and Metasploit.
In a blog post on Tuesday, Qualys researchers said they have identified more than 7.54 million vulnerable application instances related to the FireEye tools across 5.29 million unique assets in their customer base.
However, of those 7.54 million, approximately 99.84 percent stem from eight vulnerabilities in Microsoft Windows, Office and Exchange Server. Patches for them have been available for some time. They include a patch for the Windows Diverton vulnerability, which was released on 11 November.
Qualys also determined that there are hundreds of vulnerable instances of the SolarWinds Orion platform among its customers.
"Based on the broader risk and scale of these risks, it is necessary for organizations to assess the status of these vulnerabilities and quickly patch all their assets onto missing patches," Qualys said.
The FireEye tools can also be used to exploit unpatched vulnerabilities in products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho and Adobe. FireEye has published a list of these vulnerabilities in order of critical priority.