ACSC warns of Telerik UI attacks


By Dylan Bushell-Embling
Wednesday, 04 March, 2020

ACSC warns of Telerik UI attacks

The Australian Cyber Security Centre (ACSC) has warned of a new remote code execution attack campaign involving “sophisticated actors” targeting unpatched versions of the Telerik user interface for the AJAX extensions of the ASP.NET web application framework.

The Telerik UI for ASP.NET AJAX was developed by Bulgaria’s Telerik for Microsoft’s AJAX extensions.

Attackers are actively scanning for and attempting to exploit the vulnerability discovered in a number of Telerik products November 2019, which was the subject of a previous ACSC advisory.

The remote code execution attack requires knowledge of Telerik RadAsyncUpload encryption keys, which can be accessed via exploitation of vulnerabilities present in unpatched versions of Telerik software released between 2007 and 2017, the ACSC said.

The agency has urged all Australian organisations using Telerik installations by identifying DLLS within web application root directories using software asset management or host-based inspection software.

Use of Telerik can also be detected by inspecting Internet Information Service (IIS) web server logs or — less effectively — using through network vulnerability scanners.

Any unpatched installations should be updated ASAP and organisations should apply the recommended mitigations from Telerik.

Meanwhile, organisations that have used vulnerable versions of Telerik should look for signs of compromise by scanning for requests to the vulnerable resource — in this case HTTP POST requests to Telerik.Web.UI.WebResource.axd?type=rau. Organisations should also scan IIS web request and other web application logs for suspicious requests.

The ACSC is also urging organisations to implement complementary security controls such as segregating internet facing servers whenever possible and implementing other components of the Australian Signals Directorate's Essential Eight threat mitigation strategies.

Image credit: ©stock.adobe.com/au/robsonphoto

Related News

Lack of leadership buy-in biggest obstacle to digital trust: report

A new report from ISACA says that many organisations say that in five years digital trust will be...

Lack of customer confidence affecting security strategies: report

A survey from LogRhythm finds three-quarters of ANZ companies changed their security strategy...

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd