Some network-attached storage (NAS) devices could be vulnerable to the Windows Zerologon security flaw, according to NAS manufacturer QNAP. Attackers could exploit the bug to bypass security measures remotely. NAS devices running a vulnerable version of the QTS operating system are deemed to be at risk.
In addition, NAS devices must be configured as a Windows domain controller to be exploited by a threat actor. This is admittedly not a particularly common occurrence but IT managers may decide to use NAS devices to configure user accounts and security, so it is a possibility.
“To secure your device, we strongly recommend updating QTS and all installed applications to their latest versions to benefit from vulnerability fixes,” QNAP advised via a security bulletin. “You can check the product support status to see the latest updates available to your NAS model.”
Get patched up
For added clarity, QNAP has confirmed that both the QTS 2.x and QES operating systems are not affected by the CVE-2020-1472 vulnerability that enables the Zerologon exploit. The issue has also been patched for a number of other QTS builds.
Users can install the latest QNAP operating system by visiting the QNAP Download Center or by logging on to QTS as an administrator, clicking through to the Live Update section and checking for any available updates. Updating applications installed on a NAS device again involves logging on as an administrator before going to the App Center to check for any available updates.
The Zerologon exploit has made headlines recently after it began to be employed by organised cybercriminals and state-sponsored hackers. Microsoft reports that Iranian hacking groups that go by the names MERCURY or MuddyWater had used the Zerologon exploit to target NGOs and human rights groups.