In recent years, cyber threats have become increasingly sophisticated, and the number of successful attacks on web servers has risen dramatically. One of the most significant threats to web servers is the exploitation of vulnerabilities in Progress Telerik, a popular software development tool. In this blog post, we will discuss the vulnerabilities in Progress Telerik and provide recommendations on how to protect your web server from these exploits.
Progress Telerik is a software development tool that provides developers with a wide range of user interface components for building web applications. Telerik UI for ASP.NET AJAX is a popular component of the Progress Telerik suite, which allows developers to create responsive and interactive web applications quickly. However, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to remote code execution exploits.
The vulnerabilities in Progress Telerik stem from a .NET deserialization flaw (CVE-2019-18935). Successful exploitation of this vulnerability allows remote code execution, which can lead to the complete compromise of a web server. Cyber threat actors have been exploiting this vulnerability to gain access to web servers and steal sensitive data. This CVE, and hundreds of others, can be identified through regular penetration testing, which surfaces these vulnerabilities early and allows you to patch proactively before cyber criminals gain access.
To protect your web server from Progress Telerik exploits, follow the recommendations provided by the Cybersecurity and Infrastructure Security Agency (CISA) and your penetration testing team. Here are some of the key recommendations:
1. Upgrade all instances of Telerik UI ASP.NET AJAX to the latest version after appropriate testing. Keep all software up to date and prioritize patching of known exploited vulnerabilities (KEVs). [CPG 5.1]
2. Implement a patch management solution to ensure compliance with the latest security patches.
3. Validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services.
4. Limit service accounts to the minimum permissions necessary to run services.
5. Monitor and analyze activity logs generated from Microsoft IIS and remote PowerShell. Collect access and security focused logs (IDS/IDPS, firewall, DLP, VPN) and ensure logs are securely stored for a specified duration informed by risk or pertinent regulatory guidance. [CPG 3.1, 3.2]
6. Evaluate user permissions and maintain separate user accounts for all actions and activities not associated with the administrator role, e.g., for business email, web browsing, etc. All privileges should be reevaluated on a recurring
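Two of the recommendations above (checking installed builds against R1 2020, and monitoring IIS logs) can be scripted. The following is an added example, not code from the original post or from CISA; it assumes the Telerik.Web.UI build string is available (for example from the DLL's file version), that the logs are in IIS W3C format, and that the RadAsyncUpload handler lives at `Telerik.Web.UI.WebResource.axd?type=rau` (the endpoint associated with CVE-2019-18935 in public advisories, not stated on this page). The log lines are constructed for the example.

```python
"""Triage helpers for CVE-2019-18935 (Telerik UI for ASP.NET AJAX)."""
import re

FIXED_BUILD = (2020, 1, 114)            # R1 2020, first fixed build per the post
HANDLER = "telerik.web.ui.webresource.axd"  # assumed RadAsyncUpload handler path


def parse_build(version: str) -> tuple:
    """'2019.3.1023' -> (2019, 3, 1023); raises on malformed input."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Telerik build string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable_build(version: str) -> bool:
    """True when the installed build predates R1 2020 (2020.1.114)."""
    return parse_build(version) < FIXED_BUILD


def find_rau_requests(log_text: str) -> list:
    """Return (client_ip, status, query) for every POST to the upload
    handler in IIS W3C log text; column order is taken from #Fields."""
    fields, hits = None, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header names the columns
            continue
        if line.startswith("#") or not line.strip() or fields is None:
            continue
        rec = dict(zip(fields, line.split()))
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "").lower()
        if (rec.get("cs-method") == "POST" and stem.endswith(HANDLER)
                and re.search(r"(^|&)type=rau(&|$)", query)):
            hits.append((rec.get("c-ip"), rec.get("sc-status"), rec.get("cs-uri-query")))
    return hits


# Constructed sample log: one ordinary page hit, one POST to the handler,
# and one GET to the handler (normal browser traffic, not flagged).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-01-10 02:14:07 10.0.0.5 GET /Default.aspx - 443 - 203.0.113.9 Mozilla/5.0 200 0 0 31
2023-01-10 02:14:09 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 203.0.113.9 python-requests/2.28 200 0 0 412
2023-01-10 02:14:10 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd type=rau 443 - 198.51.100.7 Mozilla/5.0 200 0 0 5
"""

if __name__ == "__main__":
    for v in ("2019.3.1023", "2020.1.114"):
        print(v, "VULNERABLE" if is_vulnerable_build(v) else "fixed")
    for ip, status, q in find_rau_requests(SAMPLE_LOG):
        print(f"POST to upload handler from {ip} status={status} query={q}")
```

A hit on a build older than 2020.1.114 is the combination worth escalating; on a patched build the same POSTs are routine upload traffic.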