Thank you for your questions.
We just send an email to our community and we strongly advise you to upgrade to at least version R2 2020.
Here are the email contents:
We are writing to update you on the recent Blue Mockingbird malware attacks that have been talked about in the press and on social media, affecting many web applications, including Microsoft Information Services, SharePoint and Citrix, in addition to Telerik UI for ASP.NET AJAX. The vulnerability that Blue Mockingbird exploits is not new. It was identified and fixes were provided to our customers and partners in 2017 and 2019. In light of the recent attacks however, we are again updating you on where those fixes can be found and implemented.
The attack often uses the known vulnerabilities CVE-2017-11317 and CVE-2019-18935 to upload and execute the malicious software to software versions that have not been upgraded to the latest version of the Telerik UI for ASP.NET AJAX (also known as RadControls for ASP.NET AJAX).
To protect against this vulnerability, we recommend that you upgrade to R1 2020 (version 2020.1.114) or later. If you’re unsure if this impacts you, go to this page.
You can find more information in the following dedicated articles:
CVE-2017-11317 - Unrestricted File Upload
Also, if you need to upgrade to a more recent version, please follow the instructions in our documentation.
All customers with active maintenance and support – you can access our latest releases R1 & R2 2020 here. If you have any questions, you can reach the Telerik support team via the support ticketing system.
All customers with expired maintenance and support – we've activated a complimentary access to our R1 2020 release in your accounts. You can access it here. If you have any additional questions, please open a General Feedback ticket.
The Telerik team at Progress
Progress is here for your business, like always. Read more
about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.