Tuesday 17 September 2024

All old WhatsUp Gold versions are compromised and user credentials are exploited

 


WhatsUp Gold streamlines network monitoring workflows by letting you initiate management tools directly from the interactive map. It manages networks, traffic, physical servers, VMs and applications with easy-to-use and customizable maps, dashboards and alerts. 

With it, you can switch between physical, virtual, wireless, and dependency views to resolve DevOps monitoring issues or activities quickly.

It is used by DevOps or networking teams in major organizations across the globe.

SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.

This can allow an attacker to view data that they are not normally able to retrieve.

This might include data that belongs to other users, or any other data that the application can access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behaviour.

All old versions of WhatsUp Gold have a SQL Injection vulnerability which allows an unauthenticated attacker to retrieve the user's encrypted password. The attacker can then bypass WhatsUp Gold authentication to exploit the Active Monitor PowerShell Script and ultimately download various remote access tools for gaining persistence on the Windows host.

Hence it is recommended that all organizations using WhatsUp Gold in their network, and their DevOps teams, upgrade WhatsUp Gold to version 2024.0.0.

#Network, #SQL Injection, #WhatsUp Gold, #Microsoft Windows Server 2016, #Microsoft Windows Server 2019, #Microsoft Windows Server 2022


Friday 13 September 2024

Microsoft Auto-Update feature grants administrative privileges on Windows machines and servers

 


 

Microsoft Auto-Update has an Elevation of Privilege vulnerability, and with its help any attacker can log in as a Windows administrator through a malicious request.

The Microsoft Auto-Update privilege elevation vulnerability gives admin privileges on Windows 10, Windows 11, Windows Server, and cloud servers.

Using this vulnerability, it is possible to configure group policies to prevent 'Standard' users from performing MSI installer operations, elevate privileges to help spread laterally within the network, and download arbitrary data from the network.

It is recommended to temporarily disable the Microsoft Auto-Update feature until a patch for this vulnerability is released, or, if the vulnerability already exists on the machines or servers, to be cautious with malicious requests.

Monday 9 September 2024

A security feature in the Chrome web browser designed to mitigate JavaScript memory corruption issues has security vulnerabilities

 



 

Chrome versions earlier than 128.0.6613.84 allow a remote attacker to potentially exploit memory corruption or access all the system or server resources via a crafted HTML page.

INSIGHTS ABOUT THE THREAT:

The Chrome V8 engine is the JavaScript engine that executes JavaScript code. V8 is written in C++ and can be embedded in C++ programs that handle the file system, database and network connections; this permits C++ functionality to be exposed in JavaScript and executed via V8.

It can execute JavaScript code either within or outside of a browser.

V8 is used in the Chromium-based web browsers - Google Chrome, Brave, Opera, Vivaldi, Microsoft Edge, and in the Couchbase database server.

Consequently, if an organization or individual has old browsers on machines or servers, exploiting this flaw can let the organization's or individual's data in the filesystem and databases, and the network, be controlled or accessed.

Hence, as part of DevOps security practices, it is encouraged to update the browser to the latest version to overcome these security vulnerabilities.