Microsoft Defender for Endpoint Touted in Netgear Router Flaw Discovery -- Redmondmag.com

Microsoft Defender for Endpoint Touted in Netgear Router Flaw Discovery

By Kurt Mackie
07/06/2021

Microsoft on Wednesday described its discovery of a side-channel attack on Netgear DGN-2200v1 wireless home DSL routers that enabled authentication bypass.

Netgear had issued an advisory on the issue last year, and recommended applying a firmware patch. Netgear's advisory characterized the router as having "multiple HTTPd authentication vulnerabilities." HTTPd is the "Apache HyperText Transfer Protocol daemon," which is used as a Web server.

While the Netgear DGN-2200v1 router is for home networks, it and "other Internet-facing systems" likely are subject to more frequent attacks aiming to get a foothold into the networks of organizations. The vulnerability that Microsoft found in Netgear's router "can compromise a network's security -- opening the gates for attackers to roam untethered through an entire organization," Microsoft's announcement contended.

Microsoft used its own Microsoft Defender for Endpoint service as part of the discovery process. The tool spotted an attempt to access the Netgear DGN-2200v1 router's management port, which was "flagged as anomalous by machine learning models."

Analysis of the router's firmware showed it had "three vulnerabilities that can be reliably exploited." Microsoft then shared that information with Netgear.

The announcement provided technical details on how Microsoft detected the vulnerabilities, which served to present Microsoft's case on why organizations should want to use the Microsoft Defender for Endpoint product. Edge devices like routers are becoming the targets now, especially with improvements in operating system security.

"As modern operating system security continues to advance, attackers are forced to look for alternative ways to compromise networks, and network devices such as routers are a prime candidate," Microsoft asserted. "This makes an endpoint discovery solution a critical asset to any security operations."

Microsoft also touted its expertise in detecting firmware flaws following its acquisition of ReFirm Labs, which was announced last month. ReFirm Labs was formed by a team of former U.S. National Security Agency hackers.

"ReFirm's firmware analysis technology will enhance existing capabilities to detect firmware vulnerabilities and help secure IoT and OT devices via Azure Defender for IoT," the announcement indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.