[Kznnog-discuss] Fwd: MikroTik: URGENT security advisory

Edrich De Lange Edrich.Delange at thusa.co.za
Fri Aug 3 07:37:11 SAST 2018

Edrich De Lange
helpdesk: +27 87 941 6893
switchboard: +27 87 941 6890


From: Edrich De Lange
Sent: Friday, August 3, 2018 7:27:50 AM
To: kznnog at lists.kznnog.co.za
Subject: Fwd: MikroTik: URGENT security advisory

From: MikroTik <no-reply at mikrotik.com>
Sent: Thursday, August 2, 2018 11:46:27 PM
To: Edrich De Lange
Subject: MikroTik: URGENT security advisory


It has come to our attention that a rogue botnet is currently using a vulnerability in the RouterOS Winbox service that was patched in RouterOS v6.42.1 on April 23, 2018.

Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the "Check for updates" button, if you haven't done so already.

Steps to be taken:

- Upgrade RouterOS to the latest release
- Change your password after upgrading
- Restore your configuration and inspect it for unknown settings
- Implement a good firewall according to the article here:


All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date: 2018/04/20) are vulnerable. Is your device affected? If you have open Winbox access to untrusted networks and are running one of the affected versions: yes, you could be affected. Follow the advice above. If Winbox is not available to the internet, you might be safe, but an upgrade is still recommended.

More information about the issue can be found here: https://blog.mikrotik.com

Best regards,
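
The affected-version rule in the advisory above, as an added example that is not part of the original e-mail and not MikroTik's code: a Python triage over a constructed device inventory. The function names, inventory and result labels are assumptions; versions carrying a suffix (such as rc builds) go to manual review because the advisory's range does not mention them.

```python
import re

# Range stated in the advisory: 6.29 through 6.42 vulnerable, fixed in 6.42.1.
FIRST_VULNERABLE = (6, 29, 0)
FIRST_FIXED = (6, 42, 1)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Return ((major, minor, patch), suffix), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix.strip()


def triage(version, winbox_untrusted):
    """Classify one device using only the rules written in the advisory."""
    parsed = parse_version(version)
    if parsed is None or parsed[1]:
        # Unparseable, or a suffix such as "rc3": the advisory's range
        # does not cover these, so a person has to look.
        return "review manually"
    numbers = parsed[0]
    # Tuple comparison is numeric, so 6.5 sorts before 6.29 (a plain
    # string comparison would get this wrong).
    if not (FIRST_VULNERABLE <= numbers < FIRST_FIXED):
        return "outside stated range"
    if winbox_untrusted:
        return "affected: upgrade, change password, inspect config"
    return "might be safe: upgrade still recommended"


# Constructed inventory (hypothetical names):
# (device, RouterOS version, Winbox reachable from untrusted networks)
INVENTORY = [
    ("edge-1", "6.40.5", True),
    ("core-1", "6.42", False),
    ("branch-7", "6.42.1", True),
    ("lab-2", "6.43rc3", True),
    ("old-3", "6.5", True),
]

if __name__ == "__main__":
    for name, version, exposed in INVENTORY:
        print(f"{name:10} {version:8} {triage(version, exposed)}")
```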
