A vulnerability in Netwrix’s Auditor software, which allows attackers to run arbitrary code and potentially compromise an organization’s Active Directory domain, has just been patched. Researchers at Bishop Fox found the bug in the IT auditing program.
In an advisory published last week, the cybersecurity company identified it as a critical insecure object deserialization problem caused by an unsecured .NET remoting service. The corporation has made it clear that access to the internal network is necessary to exploit the security gap, making it unlikely that an attacker could take advantage of the weakness from outside the targeted organization.
Version 10.5 of Netwrix Auditor, which was released in the first week of June, has a patch for the vulnerability.