Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports:

CVE-2021-28480
CVE-2021-28481
CVE-2021-28482
CVE-2021-28483

Protection in place?

We will inform you here, as soon as our vendors have protection for those vulnerabilities in place.

Last update: 15.04.2021 13:40

Fortinet

Protection is available (for FortiClient only at the moment)

https://www.fortiguard.com/encyclopedia/endpoint-vuln/67270

FortiGate hardware acceleration step-by-step troubleshooting

One of the very powerful features of FortiGate hardware appliances is the hardware acceleration chipset included in the hardware platform. This allows to forward traffic in specific situations directly from the incoming interface to the outgoing interface without passing the CPU of the system. This can safe a huge amount of system load on your FortiGate.

In most cases, hardware acceleration is working flawlessly. But in some very rare cases, hardware acceleration may cause problems. Or the hardware acceleration is not working at all and the packets have to be handled by the CPU of your FortiGate.

This guide will lead you through the important troubleshooting steps.

«FortiGate hardware acceleration step-by-step troubleshooting» weiterlesen

Exchange Hafnium Vulnerability March 2021

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports:

CVE-2021-26855
CVE-2021-26857
CVE-2021-26858 and CVE-2021-27065

Below you can find the related articles or microsites to the matter from our different vendors we distribute.

Please note, that some of the solutions had a signature in place already, when the broad exploitation of the vulnerability started. Therefore not only the information IF a signature is available, it is also important from WHEN this signature has been applied on your system.

Fortinet

Protection is available

https://fndn.fortinet.net/FortiGuard-Alert-Outbreaks/Hafnium-full/

FortiSIEM is even able to detect activities related to this vulnerability.

Palo Alto

Protection is available

https://unit42.paloaltonetworks.com/microsoft-exchange-server-attack-timeline/

Kaspersky

Protection is available

https://www.kaspersky.com/blog/exchange-vulnerabilities/38964/

WatchGuard

Protection is available

https://techsearch.watchguard.com/KB?SFDCID=kA10H000000Xe1SSAS
https://www.secplicity.org/2021/03/08/chinese-state-actors-exploit-0-day-vulnerabilities-targeting-on-premise-exchange-server

The Swiss National Cybersecurity Centre (NCSC) has a new website

-> German version attached below.

The Swiss National Cyber Security Centre has a new form to report attacks on infrastructures of Swiss companies. Furthermore, the website has been revised and now has some more information to offer than before.

Website: https://www.ncsc.admin.ch/

On the website you can also find valuable information and recommendations for IT specialists: https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten.html.

Also, the Website of the Computer Emergency Response Team (GovCERT) is very informative and well to know. Have a look into their blog also. An RSS subscription may be a good decision.


Das Nationale Zentrum für Cybersicherheit der Schweiz hat ein neues Formular um Angriffe auf Infrastrukturen von schweizer Firmen zu melden. Ausserdem wurde die Webseite überarbeitet und hat nun einige Informationen mehr zu bieten als bisher.

Webseite: https://www.ncsc.admin.ch/

Auf der Webseite sind auch wertvolle Informationen und Empfehlungen für IT Spezialisten zu finden: https://www.ncsc.admin.ch/ncsc/de/home/infos-fuer/infos-it-spezialisten.html

Auch die Webseite des Computer Emergency Response Team (GovCERT) ist sehr informativ und praktisch zu kennen. Einen Blick in den Blog lohnt sich. Auch das Abonnieren des RSS Feeds ist eine gute Entscheidung.

FortiGate SSLVPN Update-Empfehlung

Update, Nov 2020:

More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.

Two days ago, this list was extended with usernames and passwords that were exploted via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.

«FortiGate SSLVPN Update-Empfehlung» weiterlesen

Fortinet Wireless FAQ

Die Fortinet WiFi Produkte erfreuen sich schon länger zunehmender Beliebtheit. Dies nicht zuletzt, weil die FortiAP und Controller je länger je angewandtere Technologien bieten und daher unterdessen praktisch alle vorstellbaren Einsatzszenarien abdecken.

Da mit dem Featureset zugleich auch die Komplexität der Systeme mit wächst, möchten wir ihnen mit diesem Artikel einen Überblick über die Technologie, die Funktionalität  und deren Einschränkungen verschaffen.

«Fortinet Wireless FAQ» weiterlesen

Offene Ports an der FortiGate

Die FortiGate ist ein genialer Kommunikationsspezialist in vielfacher Hinsicht. Gleichzeitig ist es aber auch ein Türsteher und Wächter erster Güte. Von Zeit zu Zeit stellt sich nun die Frage, welcher dieser Qualitäten der Vorrang eingeräumt werden soll. Natürlich mögen wir alle die eierlegende Woll-Milch-Sau, auch wenn wir uns oft darüber amüsieren. Jedoch sind in gewissen Situationen Qualitäten gefragt, welche eine eierlegende Woll-Milch-Sau nicht bieten kann. Die FortiGate schon.

«Offene Ports an der FortiGate» weiterlesen