
Fix the Vulnerabilities in the FireEye SolarWinds Hack

Rhett Glauser | Dec 15, 2020 | Vulcan Cyber CMO

Foreign hackers have been using multiple, layered software vulnerabilities to hack into “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” as described in this FireEye blog post. This Vulcan Cyber blog post explains how to fix the vulnerabilities targeted by the red team tools used in the FireEye hack, initiated by the SolarWinds Sunburst advanced persistent threat attack campaign.

FireEye has done the needful and specifically disclosed the vulnerabilities that their red team tools were designed to ethically exploit. All of the vulnerabilities targeted in the FireEye hack have been disclosed by their respective vendors and have a CVE assigned. More importantly, fixes, remedies and patches are available for each of them, as detailed below.

Vulcan Cyber, and the vendors who have previously disclosed these vulnerabilities, strongly encourage all IT security teams to quickly evaluate their risk and exposure to these vulns, prioritize them, and then “get fix done” as soon as possible. A list of these vulnerabilities is provided below with recommended remedies linked to in the free Vulcan Remedy Cloud library. These vulnerabilities are the foundational attack vector in this scenario and fixing them should be the first priority in response to this threat.

And while not considered one of the vulnerabilities targeted in the FireEye hack, all SolarWinds Orion customers should quickly update their tools to protect against this potential backdoor by following the instructions in this SolarWinds Security Advisory.

Please also follow the FireEye red team tool countermeasures provided in this blog post and in this FireEye GitHub repo.

A list of CVEs targeted by the FireEye Red Team tools, a brief description of each, its CVSS score, and remedies in Remedy Cloud:

As with most security threats, there are ways to protect your business from the hackers and the bad actors, but it takes work and diligence. Vulcan Cyber and FireEye both make tools used by IT security teams to proactively protect digital business from a long list of vulnerabilities and exploits.

Vulcan Cyber makes vulnerability remediation orchestration tools that help teams fix, patch and remedy known vulnerabilities. FireEye makes tools used by corporate red teams, or ethical hackers, to simulate attacks on a company’s people, networks and applications in an effort to measure how well the company can protect itself and withstand an attack from a real-life hacker with bad intentions. If these red team tools got into the hands of actual hackers, it could be a bad situation for companies that have yet to remediate the vulnerabilities that can be exploited using the red team tools.

If your company has diligently stayed on top of high-priority vulnerabilities and you remediate known issues in a timely manner, then you probably have nothing to worry about. But a mature vulnerability remediation program is the exception rather than the rule, and most companies fall short in their efforts to patch and secure even the most severe vulnerabilities.

Please consider using Remedy Cloud as a free service to help you and your team efficiently identify and fix these 16 vulnerabilities targeted in the SolarWinds and FireEye hack.

About the Author

Rhett Glauser

Rhett has been running corporate marketing and demand generation functions in the enterprise infrastructure and security markets for a really long time. Prior to Vulcan Cyber, Rhett spent more than two decades with SaltStack, ServiceNow, Symantec and Altiris.
