Netwrix Auditor bug could lead to Active Directory domain compromise

Netwrix IT Asset Tracker and Compliance Auditor, used in more than 11,500 organizations, contains a critical insecure object deserialization vulnerability that could lead to Active Directory domain compromise, warns a new advisory.

The CVE is pending, according to Bishop Fox, which just released details of the vulnerability. It affects all older supported versions of the Netwrix application, up to 9.96.

Organizations should immediately update their Netwrix apps to the latest version, 10.5, released June 6, to protect their systems, the researchers say.

The bug was discovered through an nmap TCP port scan of a Netwrix Auditor server, said Bishop Fox’s alert. “The Netwrix Auditor application is affected by an insecure object deserialization issue that allows an attacker to execute arbitrary code with the privileges of the affected service,” says the Bishop Fox team. “In a typical real-world scenario, the Netwrix Auditor services would run with a highly privileged account, which could lead to a complete compromise of the Active Directory environment.”
