ACSC warns of Telerik UI attacks


By Dylan Bushell-Embling
Wednesday, 04 March, 2020



The Australian Cyber Security Centre (ACSC) has warned of a new remote code execution attack campaign in which “sophisticated actors” are targeting unpatched versions of Telerik UI for ASP.NET AJAX, a component library for the AJAX extensions of Microsoft’s ASP.NET web application framework.

The Telerik UI for ASP.NET AJAX was developed by Bulgaria’s Telerik for Microsoft’s AJAX extensions.

Attackers are actively scanning for and attempting to exploit a vulnerability discovered in a number of Telerik products in November 2019, which was the subject of a previous ACSC advisory.

The remote code execution attack requires knowledge of the Telerik RadAsyncUpload encryption keys, which attackers can obtain by exploiting vulnerabilities present in unpatched versions of Telerik software released between 2007 and 2017, the ACSC said.

The agency has urged all Australian organisations to identify any Telerik installations they run, for example by locating Telerik DLLs within web application root directories using software asset management or host-based inspection software.

Use of Telerik can also be detected by inspecting Internet Information Services (IIS) web server logs or, less effectively, through network vulnerability scanners.

Any unpatched installations should be updated as soon as possible, and organisations should apply the mitigations recommended by Telerik.

Meanwhile, organisations that have used vulnerable versions of Telerik should look for signs of compromise by scanning for requests to the vulnerable resource, in this case HTTP POST requests to Telerik.Web.UI.WebResource.axd?type=rau, the handler behind RadAsyncUpload. Organisations should also scan IIS web request logs and other web application logs for suspicious requests.
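As an added example, not part of the ACSC advisory or of this article, the following Python script applies that check to IIS logs in the W3C extended format: it reads the column layout from the `#Fields:` directive, flags POST requests whose path ends in Telerik.Web.UI.WebResource.axd with `type=rau` in the query string, and tallies the hits by client address. The log excerpt embedded in it is constructed for illustration and is not real traffic; the exact set of logged fields and the command-line usage are assumptions.

```python
"""Flag POST requests to the Telerik RadAsyncUpload handler in IIS W3C logs."""
from collections import Counter

# Path suffix of the handler the ACSC advisory points at (matched case-insensitively).
RAU_HANDLER = "telerik.web.ui.webresource.axd"

# Constructed sample log excerpt (not real traffic). The field list is an
# assumption; IIS writes whichever fields the site is configured to log.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2020-03-02 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2020-03-02 09:14:02 10.0.0.5 GET /Default.aspx - 443 - 203.0.113.10 Mozilla/5.0 200 0 0 120
2020-03-02 09:14:05 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 python-requests/2.22.0 200 0 0 843
2020-03-02 09:14:06 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 python-requests/2.22.0 500 0 0 901
2020-03-02 09:15:11 10.0.0.5 GET /telerik.web.ui.webresource.axd type=rau 443 - 203.0.113.10 Mozilla/5.0 200 0 0 33
2020-03-02 09:16:40 10.0.0.5 POST /app/Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 curl/7.64.1 200 0 0 1203
"""


def parse_iis_log(text):
    """Parse W3C extended log text into a list of dicts keyed by field name.

    The column layout comes from the '#Fields:' directive, which IIS writes at
    the top of each log file (and again whenever the logged fields change), so
    the parser follows the directive rather than assuming fixed positions.
    """
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields directive")
        values = line.split(" ")  # IIS encodes spaces inside a field as '+'
        if len(values) != len(fields):
            continue  # malformed line: skip it rather than lose the rest
        records.append(dict(zip(fields, values)))
    return records


def _query_has_param(query, name, value):
    """True if cs-uri-query carries name=value (both compared case-insensitively)."""
    if query in ("", "-"):  # IIS logs '-' for an empty query string
        return False
    for pair in query.split("&"):
        key, _, val = pair.partition("=")
        if key.lower() == name and val.lower() == value:
            return True
    return False


def find_rau_posts(records):
    """Return the records that are POSTs to the RadAsyncUpload handler."""
    hits = []
    for rec in records:
        method = rec.get("cs-method", "").upper()
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "")
        if (method == "POST" and stem.endswith(RAU_HANDLER)
                and _query_has_param(query, "type", "rau")):
            hits.append(rec)
    return hits


def summarize_by_client(hits):
    """Count matching requests per client address for triage."""
    return Counter(h.get("c-ip", "-") for h in hits)


if __name__ == "__main__":
    import sys
    text = SAMPLE_LOG
    if len(sys.argv) > 1:
        # Assumed usage: python rau_scan.py u_ex200302.log [more log files...]
        text = "\n".join(open(p, encoding="utf-8", errors="replace").read()
                         for p in sys.argv[1:])
    hits = find_rau_posts(parse_iis_log(text))
    for h in hits:
        print(h.get("date"), h.get("time"), h.get("c-ip"), h.get("cs-uri-stem"),
              h.get("cs-uri-query"), h.get("sc-status"), h.get("cs(User-Agent)"))
    for ip, n in summarize_by_client(hits).most_common():
        print(f"{ip}: {n} POST(s) to the RadAsyncUpload handler")
```

A hit is a triage lead, not proof of compromise: an application that genuinely uses RadAsyncUpload will POST file uploads to the same handler. Weigh the source address, user agent, request volume and status codes, check whether the site actually exposes an upload control, and correlate any suspicious run of requests with host evidence from the web server around the same time.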

The ACSC is also urging organisations to implement complementary security controls, such as segregating internet-facing servers wherever possible and implementing the other components of the Australian Signals Directorate's Essential Eight mitigation strategies.


  • All content Copyright © 2020 Westwick-Farrow Pty Ltd