Multiple threat groups were able to breach a federal agency and steal data by exploiting a years-old Progress Telerik vulnerability in an unpatched Microsoft Internet Information Services (IIS) Web server — and the Cybersecurity and Infrastructure Security Agency (CISA) wants other IT security teams to be on the lookout for similar exposure.
A Federal Civilian Executive Branch (FCEB) agency was compromised from last November to January 2023 after threat actors exploited a .NET deserialization vulnerability in Telerik from 2019 (CVE-2019-18935) on the agency's Microsoft Internet Information Services (IIS) Web server, CISA reported.
CISA, along with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued indicators of compromise and is urging teams running Telerik UI for ASP.NET AJAX builds from earlier than 2020 who are concerned about unpatched servers to immediately:
- Implement a patch management solution to ensure compliance with the latest security patches.
- Validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services.
- Limit service accounts to the minimum permissions necessary to run services.
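The second recommendation, checking scanner output against what is actually deployed, can be done directly on the IIS host. The following script is an added example, not code from the article or from CISA; it assumes it runs with administrator rights where the WebAdministration module is available, and that Telerik.Web.UI.dll carries a YYYY.Q.BUILD file version (for example 2019.3.1023) whose first field is the release year.

```powershell
# Added example: enumerate every IIS site, find the Telerik UI for ASP.NET AJAX
# assembly each one actually ships, and flag builds from before 2020.
# Assumption: file versions look like "2019.3.1023.45" (year first).
Import-Module WebAdministration

function Get-TelerikBuildYear {
    param([string]$FileVersion)
    # The first dotted field of the Telerik version string is the release year.
    $year = ($FileVersion -split '\.')[0]
    if ($year -match '^\d{4}$') { return [int]$year }
    return $null
}

$findings = foreach ($site in Get-Website) {
    # physicalPath may contain %SystemDrive% and similar variables.
    $root = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
    if (-not (Test-Path $root)) { continue }

    Get-ChildItem -Path $root -Recurse -Filter 'Telerik.Web.UI.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ver  = $_.VersionInfo.FileVersion
            $year = Get-TelerikBuildYear $ver
            [pscustomobject]@{
                Site    = $site.Name
                State   = $site.State      # stopped sites still count as exposure once started
                Path    = $_.FullName
                Version = $ver
                Pre2020 = ($null -ne $year -and $year -lt 2020)
            }
        }
}

$findings | Sort-Object Pre2020 -Descending | Format-Table -AutoSize

# Fail a scheduled job or CI check when any pre-2020 build is still deployed.
if ($findings | Where-Object Pre2020) { exit 1 }
```

Compare the Site and Path columns against the asset list your patch-management and vulnerability-scanning tools report; any site or web root that appears here but not there is the kind of discrepancy the advisory asks teams to account for.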
Source: www.darkreading.com