11 May 2017
Shadow Brokers release of software vulnerabilities
Over the past nine months, the Shadow Brokers group has been releasing information about software vulnerabilities. These relate to Cisco and Microsoft products in particular.
What to do
The Cisco product vulnerabilities are more concerning than the Microsoft vulnerabilities, as some of the Cisco vulnerabilities can't be patched at the present time. One such vulnerability has been identified in the Internet Key Exchange version 1 (IKEv1) packet processing code in certain versions of:
- Cisco IOS,
- Cisco IOS XE, and
- Cisco IOS XR Software.
This vulnerability could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. If this affects your organisation, the official recommendation from Cisco is to ensure that you have an Intrusion Prevention / Detection System operational on your network. Cisco have provided Snort Rules and IPS signatures on the Cisco security blog.
For organisations affected by the Cisco vulnerabilities, particularly while there's no known mitigation, we recommend considering the security implications of using these products. While you may be protected from an individual point of compromise, some attackers could chain together a series of vulnerabilities to find unauthorised ways into your network.
We also recommend that you discuss any concerns with your Cisco reseller. They should be able to detail any potential impacts on your organisation.
Ask your MSP:
- what they're doing to mitigate the vulnerabilities around these products
- if they've implemented either the Snort or IPS rules released by Cisco
- if they've implemented the CIS Critical Security Controls v6 (or equivalent)
- what protections are in place to keep your network safe if an attacker compromises you through the Cisco vulnerabilities
- what level of network monitoring is being conducted to ensure unauthorised access hasn’t occurred.
For users of Microsoft products, we encourage you to ensure that patching is up to date. It’s important to note that end-of-life software no longer supported by Microsoft remains at risk of exploitation. This includes:
- Windows XP
- Office 2003, and
- Windows Server 2003 Operating System.
Microsoft have provided an update on specific vulnerabilities, stating that the patches they’ve released have fixed them.
Get in touch with your IT service provider if you:
- need help to implement fixes, or
- have any concerns about whether these vulnerabilities affect your organisation.
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.