Microsoft Warns of Boa Web Server Risks

Bad news if you use Microsoft’s discontinued Boa web server. It’s being targeted by hackers. Microsoft put out a warning about this along with potential remediations, but Security Week has a story about this web server being used in attacks. Which effectively makes this a today problem for anyone who uses Boa.

Sharon Nachshony, Security Researcher, Silverfort had this to say:

     “The Microsoft research highlights a long-standing supply-chain risk to IoT and OT environments from legacy technology. While hard to manage, given the abundance of such technology in critical industries, a rigorous patching regime is essential.

Age-old vulnerabilities such as this provide a jumping-off point for attackers looking to move laterally to more sensitive areas by abusing the identity attack surface. With access to critical areas inside OT environments – their activities can quickly become significantly more impactful.

To stop lateral movement, MFA should be applied to resources such as Command Line interfaces, WMI, Shared Folders and Service Accounts to close down commonly used attack paths.”

If you’re a user of the Boa web server, consider this your invitation to follow Microsoft’s advice so that you don’t get pwned seeing as this is clearly being exploited by threat actors as I type this.

Leave a Reply

%d bloggers like this: