New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain


Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.

“Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain,” Bishop Fox said in an advisory published this week.


Auditor is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console.

Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King’s College Hospital, and Credissimo, among others.


The flaw, which impacts all supported versions prior to 10.5, has been described as an insecure object deserialization issue, which occurs when untrusted, user-controllable data is parsed by the application and can result in remote code execution.


The root cause of the bug is an unsecured .NET remoting service that’s accessible on TCP port 9004 on the Netwrix server, enabling an actor to execute arbitrary commands on the server.

“Since the command was executed with NT AUTHORITY\SYSTEM privileges, exploiting this issue would allow an attacker to fully compromise the Netwrix server,” Bishop Fox’s Jordan Parkin said.

Organizations relying on Auditor are recommended to update the software to the latest version, 10.5, released on June 6, to thwart any potential risks.
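
For servers still waiting on the update, one way to spot unexpected clients of the remoting port is to review the host firewall log. The script below is an added example, not code from Bishop Fox or Netwrix: it parses Windows Firewall log entries and flags inbound TCP connections to port 9004 from sources outside an allow-list. The allow-list subnet and the log lines are constructed assumptions.

```python
import ipaddress

NETWRIX_REMOTING_PORT = 9004  # TCP port named in the article

# Assumption: subnet from which connections to the Auditor server are expected.
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.1.0/24")]

# Constructed sample entries in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2022-07-15 10:12:03 ALLOW TCP 10.0.1.20 10.0.1.10 51544 9004 0 - 0 0 0 - - - RECEIVE
2022-07-15 10:14:41 ALLOW TCP 10.0.7.88 10.0.1.10 49822 9004 0 - 0 0 0 - - - RECEIVE
2022-07-15 10:15:02 ALLOW TCP 10.0.7.88 10.0.1.10 49830 443 0 - 0 0 0 - - - RECEIVE
2022-07-15 10:16:10 DROP TCP 192.168.50.4 10.0.1.10 40112 9004 0 - 0 0 0 - - - RECEIVE
2022-07-15 10:17:00 ALLOW TCP 10.0.1.10 10.0.1.30 9004 50211 0 - 0 0 0 - - - SEND
"""

def parse_records(text):
    """Yield one dict per log entry, named by the columns in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def unexpected_remoting_connections(text, allowed=ALLOWED_SOURCES,
                                    port=NETWRIX_REMOTING_PORT):
    """Return inbound TCP entries to `port` whose source is outside `allowed`."""
    hits = []
    for rec in parse_records(text):
        if rec["protocol"] != "TCP" or rec["path"] != "RECEIVE":
            continue  # only inbound TCP is relevant to the listening service
        if rec["dst-port"] != str(port):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except ValueError:
            continue  # unparseable address field
        if not any(src in net for net in allowed):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in unexpected_remoting_connections(SAMPLE_LOG):
        print(r["date"], r["time"], r["action"], r["src-ip"], "->", r["dst-ip"])
```

Allowed and dropped entries are both reported, so the output shows which unexpected sources actually reached the port and which were blocked. Windows Firewall only writes these entries when logging of allowed and dropped connections is enabled on the server.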
