Microsoft Defender for Endpoint Touted in Netgear Router Flaw Discovery
Microsoft on Wednesday described its discovery of a side-channel attack on Netgear DGN-2200v1 wireless home DSL routers that enabled authentication bypass.
Netgear had issued an advisory on the issue last year, and recommended applying a firmware patch. Netgear's advisory characterized the router as having "multiple HTTPd authentication vulnerabilities." HTTPd is the "Apache HyperText Transfer Protocol daemon," which is used as a Web server.
While the Netgear DGN-2200v1 router is for home networks, it and "other Internet-facing systems" likely are subject to more frequent attacks aiming to get a foothold into the networks of organizations. The vulnerability that Microsoft found in Netgear's router "can compromise a network's security -- opening the gates for attackers to roam untethered through an entire organization," Microsoft's announcement contended.
Microsoft used its own Microsoft Defender for Endpoint service as part of the discovery process. The tool spotted an attempt to access the Netgear DGN-2200v1 router's management port, which was "flagged as anomalous by machine learning models."
Analysis of the router's firmware showed it had "three vulnerabilities that can be reliably exploited." Microsoft then shared that information with Netgear.
The announcement provided technical details on how Microsoft detected the vulnerabilities, which served to present Microsoft's case on why organizations should want to use the Microsoft Defender for Endpoint product. Edge devices like routers are becoming the targets now, especially with improvements in operating system security.
"As modern operating system security continues to advance, attackers are forced to look for alternative ways to compromise networks, and network devices such as routers are a prime candidate," Microsoft asserted. "This makes an endpoint discovery solution a critical asset to any security operations."
Microsoft also touted its expertise in detecting firmware flaws following its acquisition of ReFirm Labs, which was announced last month. ReFirm Labs was formed by a team of former U.S. National Security Agency hackers.
"ReFirm's firmware analysis technology will enhance existing capabilities to detect firmware vulnerabilities and help secure IoT and OT devices via Azure Defender for IoT," the announcement indicated.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.