The Blue Mockingbird malware attack, which is compromising the security of many web applications, including Microsoft Information Services, SharePoint and Citrix, is also targeting old Telerik UI vulnerabilities that have already been fixed.
The attack often uses the known vulnerabilities CVE-2017-11317 and CVE-2019-18935 to upload and execute malicious software on servers running versions of Telerik UI for ASP.NET AJAX (also known as RadControls for ASP.NET AJAX) that have not been upgraded to the latest version.
Both of the vulnerabilities are already fixed, and, when they were found, Progress notified all of our active and inactive customers with instructions and mitigation steps so they could secure their apps. See the following blog posts:
You can see whether your app is vulnerable by opening its web.config and looking for the
If you have either of the handlers below registered (make sure to look for the type attribute), you are using the Telerik UI for ASP.NET AJAX (Telerik.Web.UI.dll) suite, your app might be vulnerable to CVE-2017-11317 and/or CVE-2019-18935, and you should keep reading.
<system.web>
  <httpHandlers>
    <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false"/>
  </httpHandlers>
</system.web>

<system.webServer>
  <handlers>
    <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode"/>
  </handlers>
</system.webServer>
To make sure you are not vulnerable, we recommend that you upgrade to R1 2020 or later, as shown in the diagram below:
You can find more information in the following dedicated articles:
There are three easy ways to check the version of the Telerik.Web.UI.dll assembly, which is the main file of the Telerik ASP.NET AJAX suite:
Search your project file for "Telerik.Web.UI": the path in the HintPath element will show you the location of the Telerik.Web.UI.dll file:
<Reference Include="Telerik.Web.UI">
  <HintPath>\bin\Telerik.Web.UI.dll</HintPath>
  …
</Reference>
Once you have the path from the HintPath, navigate to the Telerik.Web.UI.dll in Windows Explorer, right-click it, choose Properties -> Description tab and read the version from the File Version row:
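The two checks above (handler registrations in web.config, and the version of the Telerik.Web.UI.dll that the project's HintPath points at) can be scripted for a whole site folder. The following PowerShell is an added example, not code from the post or from Progress. It assumes the site root is passed as a parameter, and it assumes Telerik's YYYY.R.BBB version scheme so that "R1 2020 or later" means a File Version whose first two components are at least 2020.1; the usage path at the end is a placeholder.

```powershell
# Added example, not code from the Telerik post or from Progress.
# Audits a site folder for (1) the Telerik.Web.UI.WebResource handler registrations
# shown above, (2) HintPath references to Telerik.Web.UI.dll in project files, and
# (3) the File Version of every Telerik.Web.UI.dll found, flagging anything older
# than R1 2020. Assumptions (not stated on the page): the site root is passed in,
# and Telerik versions follow the YYYY.R.BBB pattern, so R1 2020 is 2020.1.x.
function Test-TelerikUIExposure {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SiteRoot
    )

    $minYear = 2020
    $minRelease = 1

    # (1) web.config: an <add> whose type attribute names the Telerik handler, in
    #     either <system.web>/<httpHandlers> or <system.webServer>/<handlers>.
    Get-ChildItem -Path $SiteRoot -Recurse -Filter web.config -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            try { [xml]$cfg = Get-Content -Path $file -Raw } catch { return }
            $nodes = $cfg.SelectNodes("//add[starts-with(@type,'Telerik.Web.UI.WebResource')]")
            foreach ($n in $nodes) {
                "[handler] ${file}: path=$($n.GetAttribute('path')) type=$($n.GetAttribute('type'))"
            }
        }

    # (2) *.csproj: Reference Include="Telerik.Web.UI..." and its HintPath. The XPath uses
    #     local-name() so it works with or without the MSBuild default namespace.
    Get-ChildItem -Path $SiteRoot -Recurse -Filter *.csproj -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proj = $_
            try { [xml]$px = Get-Content -Path $proj.FullName -Raw } catch { return }
            $refs = $px.SelectNodes("//*[local-name()='Reference'][starts-with(@Include,'Telerik.Web.UI')]")
            foreach ($r in $refs) {
                $hint = $r.SelectSingleNode("*[local-name()='HintPath']")
                if ($hint) {
                    # HintPath is relative to the project directory (a leading '\' is tolerated).
                    $dllPath = Join-Path $proj.DirectoryName $hint.InnerText.TrimStart('\')
                    "[reference] $($proj.FullName): HintPath -> $dllPath"
                }
            }
        }

    # (3) Telerik.Web.UI.dll: read the File Version the post tells you to inspect in Explorer.
    Get-ChildItem -Path $SiteRoot -Recurse -Filter Telerik.Web.UI.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ver = $_.VersionInfo.FileVersion
            if ($ver -match '^(\d+)\.(\d+)\.') {
                $year = [int]$Matches[1]
                $rel  = [int]$Matches[2]
                $current = ($year -gt $minYear) -or ($year -eq $minYear -and $rel -ge $minRelease)
                $verdict = if ($current) { "OK, R1 2020 or later" } else { "UPGRADE, older than R1 2020" }
            } else {
                $verdict = "UNKNOWN version format, check manually"
            }
            "[assembly] $($_.FullName): FileVersion=$ver -> $verdict"
        }
}

# Usage (placeholder path):
# Test-TelerikUIExposure -SiteRoot 'C:\inetpub\wwwroot\MySite'
```

The function emits one line per finding, so its output can be piped to Out-File or collected across several site roots; a handler line with no accompanying "[assembly]" line usually means the DLL lives outside the folder you scanned and the HintPath line tells you where to look.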
If you have any questions, you can reach out to Telerik support via the public Telerik ASP.NET AJAX forum, by opening a General Feedback ticket, or via the support ticketing system (for everyone with an active subscription).
Marin Bratanov is a Principal Technical Support Engineer in the Blazor division, after starting out in WebForms and going through Kendo UI. Ever since he joined Telerik in early 2011 as a novice, his main focus has been improving the services and customer care the company offers. Apart from work, Marin is an avid reader and usually enjoys the worlds of fantasy and Sci-Fi literature. You can find him on Twitter, Goodreads, LinkedIn and Facebook.