Zero-Day Vulnerabilities in Atera Software Compromised
Vulnerabilities in Windows Installers of Atera Software
Zero-day vulnerabilities have been discovered in the Windows Installers for the Atera remote monitoring and management software. These vulnerabilities could potentially be exploited to launch privilege escalation attacks.
Flaws Discovered by Mandiant
The vulnerabilities were discovered by Mandiant on February 28, 2023. This security firm is known for its expertise in investigating and responding to cybersecurity breaches.
Identifiers and Remediation
The vulnerabilities have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078. Atera has addressed these issues in versions 184.108.40.206 and 220.127.116.11 of their software, which were released on April 17, 2023.
Zero-day vulnerabilities discovered in the Windows Installers of the Atera remote monitoring and management software have the potential to be exploited for privilege escalation attacks. The vulnerabilities were found by Mandiant and have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078. Atera has released versions 18.104.22.168 and 22.214.171.124 as a fix for these vulnerabilities.