Security News > 2020 > October > QNAP warns of Windows Zerologon flaw affecting some NAS devices
Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon vulnerability.
While NAS devices aren't commonly used as a Windows domain controller, some organizations might want to use this feature to allow IT admins to use some NAS models to manage user accounts, authentication, and enforce domain security.
Given that NAS devices can't be set up as domain controllers if an LDAP server is already running, NAS LDAP servers are by default secured from attacks using ZeroLogon exploits.
The company 'strongly' recommends QNAP customers to update the QTS operating system on their NAS devices together with all installed apps to defend against Zerologon attacks.
QNAP recently addressed two critical bugs in the Helpdesk app that could allow attackers to take over unpatched NAS devices and issued another security advisory warning of a recent surge in ransomware attacks targeting publicly exposed NAS devices.