Security News > 2020 > October > QNAP Issues Advisory on Zerologon Vulnerability
Storage solutions provider QNAP this week published an advisory to warn customers that certain versions of QTS, the operating system for its network-attached storage devices, are affected by the Zerologon vulnerability.
"If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking," the company explains.
QTS 4.5.1.1456 build 20201015 and later, QTS 4.4.3.1439 build 20200925 and later, QTS 4.3.6.1446 build 20200929 and later, QTS 4.3.4.1463 build 20201006 and later, and QTS 4.3.3.1432 build 20201006 and later contain fixes for the vulnerability.
QTS 2.x and QES, QNAP notes, are not impacted.
QNAP's advisory also includes details on how users can apply the newly released QTS updates, as well as on how to update all of the installed applications.