Skip to content
Search
Get A Demo
Free SIEM
    Get A Demo
    Free SIEM
      July 18, 2022

      Netwrix Auditor Bug Threatens Active Directory Domain

      What Happened

      An Insecure Object Deserialization vulnerability was discovered in Netwrix Auditor, an IT asset tracker and auditing platform. This flaw potentially enables threat actors to compromise Active Directory domains.

      The vulnerability affects all supported versions of Netwrix prior to 10.5.

      Netwrix has over 11,500 customers, according to the company, and has a robust MSP partner program.

      How Bad is This?

      The vulnerability is still pending, but its severity is critical, according to Bishop Fox in its advisory. An attacker can submit arbitrary objects through an unsecured .NET remoting service to achieve remote code execution (RCE) on Netwrix Auditor servers. 

      RCE is one of the most dangerous types of flaws because it allows an adversary to execute malicious code on vulnerable servers. Additionally, compromising an AD domain gives attackers “the keys to the kingdom,” enabling them to perform a variety of malicious activities through the environment. 

      What Should I Do?

      Organizations running Netwrix should immediately upgrade to the latest version of the software, and if possible, inventory all systems to discover any possible out-of-date installs of Netwrix Auditor. Blumira also recommends using a SIEM to discover attacker behavior in your systems.

      How To Detect

      There are still details needed on this vulnerability to determine detection methods. At the present time, general cybersecurity best practices are recommended, including using an endpoint detection and response (EDR) solution on all endpoints, ensuring that WAN firewalls are configured to not allow access on insecure or unneeded ports, and using a SIEM to detect attacker behavior.

      Sign Up For Your Free Account

      Blumira’s cloud SIEM detects and alerts you about suspicious behavior in your environment so that you can stop an incident early enough to prevent damage. Each finding we send is accompanied with a security playbook, giving you clear recommendations on how to remediate an attack. Our support team of security analysts is always available to answer questions on how to interpret a finding, or for other security help. 

      Blumira’s free SIEM is easy to deploy; IT and security teams can start seeing immediate security value for their organizations.

      Free Trial

      Tag(s): MSP , Security Alerts , Blog , CVE

      Chris Furner

      Chris joined Blumira after spending more than 7 years at Worksighted, an 85-employee MSP. As a security engineer and consultant, Chris spent several years building security programs for customers, analyzing threats and performing incident response. In the process, he developed a deep understanding of the unique needs...

      More from the blog

      View All Posts
      SIEM XDR
      7 min read | November 5, 2024

      WARNING: Some “SIEM” Vendors Are Not Actually Selling A SIEM

      Read More
      MSP
      7 min read | October 8, 2024

      Building a security-first culture for MSPs: Always ready, always protected

      Read More
      SIEM XDR
      10 min read | April 18, 2024

      Customer Story: Connect Cause

      Read More