Sophos warns critical firewall bug is being actively exploited
British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution is now actively exploited in attacks.
The vulnerability was discovered and reported by an anonymous researcher who found that it impacts Sophos Firewall v18.5 MR3 and older.
To address the critical bug, Sophos released hotfixes that should be automatically deployed to all vulnerable devices since the 'Allow automatic installation of hotfixes' feature is enabled by default.
End-of-life versions of Sophos Firewall, for which hotfixes were released, must be manually upgraded to patch the security hole and defend against the ongoing attacks.
After toggling on automatic hotfix installation, Sophos Firewall will check for new hotfixes every thirty minutes and after restarts.
Patching your Sophos Firewall instances is critically important, especially since they have been previously exploited in the wild, with threat actors abusing an XG Firewall SQL injection zero-day starting in early 2020.