Security News > 2021 > March > Critical Security Bugs Fixed in Virtual Learning Software

Netop, the company behind a popular software tool designed to let teachers remotely access student computers, has fixed four security bugs in its platform.

"In Netop Vision Pro 9.7.2, released in late February, Netop has fixed the local privilege escalations, encrypted formerly plaintext Windows credentials, and mitigated the arbitrary read/writes on the remote filesystem within the MChat client," according to a Sunday report by the McAfee Labs Advanced Threat Research team, which discovered the flaws.

"An attacker doesn't have to compromise the school network; all they need is to find any network where this software is accessible, such as a library, coffee shop, or home network," the report said.

As service providers across industries are faced with the reality that security needs to be one of the primary drivers behind their business, the need to have a system in place to respond and communicate with ethical security researchers and then make appropriate fixes is becoming exponentially more crucial.

"School districts took a hard pivot on their approach to instructor-led learning as well as the security of teachers and students. With teachers using more software than ever, and software the most vulnerable it has ever been, IT security teams are playing a game of vulnerability whack-a-mole to deliver a secure online learning experience. This isn't easy without the ability to prioritize, orchestrate, automate and measure remediation campaigns and outcomes."

That said, researchers praised Netop's quick response time to the initial security report: "We'd like to recognize Netop's outstanding response and rapid development and release of a more secure software version and encourage industry vendors to take note of this as a standard for responding to responsible disclosures from industry researchers," they said.

News URL

https://threatpost.com/security-bugs-virtual-learning-software/164953/