New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

Researchers have disclosed particulars about a security vulnerability in the Netwrix Auditor software that, if properly exploited, could lead to arbitrary code execution on afflicted devices.

“Because this assistance is typically executed with substantial privileges in an Energetic Directory natural environment, the attacker would most likely be in a position to compromise the Lively Directory area,” Bishop Fox said in an advisory posted this 7 days.

Auditor is an auditing and visibility platform that enables businesses to have a consolidated perspective of their IT environments, including Active Directory, Trade, file servers, SharePoint, VMware, and other systems—all from a single console.

Netwrix, the firm at the rear of the software program, statements extra than 11,500 shoppers throughout about 100 international locations, this kind of as Airbus, Virgin, King’s Faculty Healthcare facility, and Credissimo, between other people.

The flaw, which impacts all supported variations prior to 10.5, has been described as an insecure object deserialization, which happens when untrusted user-controllable facts is parsed to inflict remote code execution attacks.

The root bring about of the bug is an unsecured .NET remoting support which is accessible on TCP port 9004 on the Netwrix server, enabling an actor to execute arbitrary instructions on the server.

“Given that the command was executed with NT AUTHORITYSYSTEM privileges, exploiting this issue would enable an attacker to entirely compromise the Netwrix server,” Bishop Fox’s Jordan Parkin stated.

Companies relying on Auditor are encouraged to update the application to the hottest variation, 10.5, released on June 6, to thwart any likely hazards.

Discovered this post fascinating? Follow THN on Facebook, Twitter  and LinkedIn to study a lot more distinctive content material we write-up.

Some parts of this post are sourced from:
thehackernews.com