The cloud-based security and compliance company Qualys stated that it identified 7.54 million vulnerabilities related related to FireEye Red Team assessment tools and compromised versions of SolarWinds Orion.
Most of these vulnerabilities, 5.29 million, were related to the FireEye Red Team tools. Additionally, the vast majority of the vulnerabilities at 99.84% were from eight vulnerabilities in Microsoft software that already have patches available.
To help mitigate the risk, Qualys is providing IT and security teams with 60-day access to its integrated Vulnerability Management, Detection, and Response services.
The license includes real-time, updated inventory and automated organization of all assets, applications, and services running across hybrid IT environments. It also includes a continuous view of all critical vulnerabilities and their prioritization based on real-time threat indicators and attack surface, automatic correlation of applicable patches for identified vulnerabilities, and more.
“The scope of this nation-state attack is massive, as overnight a widely used and trusted piece of software turned into known malware,” said Sumedh Thakar, the president and chief product officer at Qualys. “Since its discovery, Qualys teams have been actively researching the issue and helping customers assess their environments. The good news is that nearly all of the CVE’s are patchable, and we’ve made this solution available to the industry so they can immediately work to protect themselves from being exploited by these vulnerabilities.”
Additional details on the research findings and the Qualys solution are available here.