ACSC warns of Telerik UI attacks


By Dylan Bushell-Embling
Wednesday, 04 March, 2020

ACSC warns of Telerik UI attacks

The Australian Cyber Security Centre (ACSC) has warned of a new remote code execution attack campaign involving “sophisticated actors” targeting unpatched versions of the Telerik user interface for the AJAX extensions of the ASP.NET web application framework.

The Telerik UI for ASP.NET AJAX was developed by Bulgaria’s Telerik for Microsoft’s AJAX extensions.

Attackers are actively scanning for and attempting to exploit the vulnerability discovered in a number of Telerik products November 2019, which was the subject of a previous ACSC advisory.

The remote code execution attack requires knowledge of Telerik RadAsyncUpload encryption keys, which can be accessed via exploitation of vulnerabilities present in unpatched versions of Telerik software released between 2007 and 2017, the ACSC said.

The agency has urged all Australian organisations using Telerik installations by identifying DLLS within web application root directories using software asset management or host-based inspection software.

Use of Telerik can also be detected by inspecting Internet Information Service (IIS) web server logs or — less effectively — using through network vulnerability scanners.

Any unpatched installations should be updated ASAP and organisations should apply the recommended mitigations from Telerik.

Meanwhile, organisations that have used vulnerable versions of Telerik should look for signs of compromise by scanning for requests to the vulnerable resource — in this case HTTP POST requests to Telerik.Web.UI.WebResource.axd?type=rau. Organisations should also scan IIS web request and other web application logs for suspicious requests.

The ACSC is also urging organisations to implement complementary security controls such as segregating internet facing servers whenever possible and implementing other components of the Australian Signals Directorate's Essential Eight threat mitigation strategies.

Image credit: ©stock.adobe.com/au/robsonphoto

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd