{"id":21659,"date":"2022-04-15T17:14:35","date_gmt":"2022-04-15T17:14:35","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=21659"},"modified":"2022-04-15T18:44:12","modified_gmt":"2022-04-15T18:44:12","slug":"watchguard-windows-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/watchguard-windows-vulnerabilities\/","title":{"rendered":"WatchGuard, Windows Vulnerabilities Require Urgent Fixes"},"content":{"rendered":"

Vulnerabilities in WatchGuard firewalls<\/a> and Microsoft Windows and Windows Server need to be patched and fixed immediately, security organizations said in alerts this week.<\/p>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged organizations to patch a critical WatchGuard firewall vulnerability (CVE-2022-23176<\/a>) that affects the Fireware operating system running on WatchGuard Firebox and XTM appliances, and government agencies have been told to patch the flaw by May 2.<\/p>\n

The vulnerability has a high severity score of 8.8 and impacts Fireware OS versions before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.<\/p>\n

The vulnerability has been exploited by the Sandworm threat group – which was the subject of another urgent threat alert<\/a> this week – and allows a remote attacker with unprivileged credentials \u201cto access the system with a privileged management session via exposed management access.\u201d<\/p>\n

Sandworm used malware<\/a> dubbed \u201cCyclops Blink\u201d to create a botnet that performs CVE-2022-23176 exploits and turns the infected devices into command and control servers. WatchGuard estimated that only a limited number (around 1%) of firewall appliances were affected, though.<\/p>\n

Last week, the botnet was disrupted by the U.S. Justice Department<\/a> before doing more damage, but Firebox devices remain vulnerable. Defenders and administrators must apply mitigations recommended by WatchGuard to clean infected devices before updating them to the latest Fireware OS version.<\/p>\n

WatchGuard indicates that \u201cremediation steps differ from the usual upgrade steps you might be used to.\u201d Indeed, applying usual steps would not fix the problem in this case.<\/p>\n

Whether your firewall has been compromised or not, you must patch to the latest version of Fireware to prevent the exploit. WatchGuard provides a detailed 4-Step Cyclops Blink Diagnosis and Remediation Plan<\/a> that includes the following advisories:<\/p>\n