March 15, 2023
There are two insights to pull out of this advisory. First, if you use Progress Telerik, a toolbox of developer utilities found in Windows Server environments, ensure it has been upgraded to the latest version. Second, the threat actors seen exploiting these Telerik vulnerabilities were also observed evading endpoint defenses through tradecraft: they injected malicious libraries (DLLs) into PNG files and executed them from the TEMP directory. This kind of obfuscation, or simply renaming the DLL with a .png extension, is popular with attackers trying to slip malicious code past EDR and antivirus protections. Defenses should be validated against this technique.
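As an added example (not code from the advisory or from Telerik), here is a small scan a defender could run over a TEMP directory to surface both variants named above: a DLL simply renamed to .png, and a DLL appended to a real PNG. The directory, file names and file contents are all constructed for the demo.

```python
# Added example (not from the advisory): flag *.png files that are really a PE
# (DLL/EXE) or a PNG with a PE appended after its IEND chunk. All inputs constructed.
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # 8-byte signature that starts every PNG
PE_MAGIC = b"MZ"                  # DOS header that starts every PE (DLL/EXE)


def classify(data: bytes) -> str:
    """'pe' = PE image; 'png+trailer' = PNG with bytes past IEND; 'png' = clean."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if not data.startswith(PNG_MAGIC):
        return "other"
    end = data.find(b"IEND")
    if end != -1 and len(data) > end + 8:  # type (4) + CRC (4) should end the file
        return "png+trailer"
    return "png"


def find_masquerading_pngs(directory: str) -> list[tuple[str, str]]:
    """(filename, verdict) for each *.png in directory (e.g. TEMP) that is not clean."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not (name.lower().endswith(".png") and os.path.isfile(path)):
            continue
        with open(path, "rb") as fh:
            verdict = classify(fh.read())
        if verdict != "png":
            hits.append((name, verdict))
    return sorted(hits)


def demo() -> list[tuple[str, str]]:
    """Scan a throwaway directory: one clean PNG, one renamed PE, one PNG+PE."""
    d = tempfile.mkdtemp(prefix="png_masq_demo_")
    clean_png = PNG_MAGIC + b"\x00\x00\x00\x00IEND\xaeB`\x82"  # constructed minimal
    files = {
        "banner.png": clean_png,
        "image.png": PE_MAGIC + b"\x00" * 30,              # constructed fake PE header
        "photo.png": clean_png + PE_MAGIC + b"\x00" * 30,  # PE appended to a PNG
    }
    for name, content in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return find_masquerading_pngs(d)
```

Pointing `find_masquerading_pngs` at the real TEMP directory gives a quick sanity check of whether such files are present; a header-and-trailer check like this is cheap enough to run on every write to that location.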