SonicWall Warns: Urgent Firewall Patch Needed Against Ransomware Exploit
SonicWall customers are warned to urgently address a critical vulnerability in their Microsoft account firewalls, following active exploitation by ransomware groups. The vulnerability, CVE-2024-40766, allows unauthorized access to Microsoft account and can cause firewalls to crash, affecting SonicWall Gen 5, 6, and 7 devices running older SonicOS versions.
Rapid7 researchers have observed recent incidents involving targeted or compromised Microsoft account SSLVPN accounts, including by ransomware groups such as Akira affiliates. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, with a federal agency patching deadline of September 30, 2024. All federal agencies in the United States are required to urgently address this Microsoft account issue.
To mitigate the risk, SonicWall customers are urged to upgrade to the latest SonicOS firmware, enable multi-factor authentication (MFA) for locally managed Microsoft account SSLVPN accounts, and update Microsoft account passwords. These steps are crucial to protect against potential breaches.
The vulnerability in SonicWall Microsoft account firewalls is a serious concern, with active exploitation by ransomware groups. Affected customers must prioritize patching the Microsoft account issue and implementing recommended mitigation steps to secure their devices and protect against unauthorized access to Microsoft account.
