

Posted: December 29, 2019

URGENT/11 is a family of bugs that impact the VxWorks operating system. Although certified branches of VxWorks are at minimal risk, non-certified ones are in danger of worms exploiting these bugs and compromising entire networks relatively quickly. Administrators should patch all associated machines immediately while maintaining the use of existing anti-malware solutions for deleting any threats related to URGENT/11 intrusions.

Eleven Network Security Problems under One Banner

A majority of both researcher and criminal interest in discovering – or exploiting – bugs in software and hardware comes down to generic work-environment and recreational PCs, phones, and other 'manned' devices. However, not every bug that lends an attacker a helping hand targets a smartphone or computer. URGENT/11, a group name for just under a dozen separate vulnerabilities, is a potential backdoor for hackers into embedded systems running VxWorks.

URGENT/11 comprises eleven bugs that represent critical vulnerabilities in the affected systems, excluding certification-backed branches such as VxWorks 653. Attackers can use them in combination to overcome security protocols and spread associated threats across VxWorks machines on the same network. Particularly relevant examples include CVE-2019-12255 and CVE-2019-12263: buffer overflow errors that criminals could use to bypass firewalls and other conventional defenses. CVE-2019-12256 is also of particular note, thanks to a mistake in processing IPv4 packets that lets the bug trigger in all compatible devices simultaneously throughout the network.

URGENT/11's specificity to VxWorks makes it less of a danger than usual to casual PC owners or PC-using employees in many industries. VxWorks is, however, a critical element of sensitive infrastructure for companies in defense, transportation, heavy industry and medical services. A handful of consumer products, such as Linksys WRT54G routers, are also at risk. The bugs also have a concerningly low skill barrier for hackers to use them.

Adapting to Known Vulnerabilities without Leaving Yourself Vulnerable

While Windows, macOS, Android, and even Linux harbor numerically far more vulnerabilities than the URGENT/11 family, URGENT/11 represents a rarely-seen peril to industry-specific hardware, including both Internet-of-Things and typically-unmanaged devices. Promptly installing available security updates remains an integral defense against URGENT/11 and other bugs that could facilitate a variety of backdoor-oriented attacks and network traversal. Wind River, the developer of the OS, is providing patches, but an additional effort from the relevant device manufacturers is also necessary.

Administrators unsure whether their network is vulnerable can employ appropriate network traffic analysis services. Although URGENT/11 came into the public eye in 2019, the relevant code is decades old, and it is theoretically possible that previously unknown campaigns are already exploiting URGENT/11 successfully. The family of bugs has no relevance to users in Windows or similar environments – except for its capacity to deposit other threats after establishing a backdoor.

Malware experts recommend that all affected networks continue maintaining additional security protocols. Such efforts can include up-to-date anti-virus software, rigorous password management, tight version control, and minimizing potentially exploitable features like RDP and accounts with admin privileges. Running hardware with the patched version of VxWorks should remove the URGENT/11 vulnerabilities, and traditional anti-malware tools can mitigate their payloads and limit the impact on your network.

URGENT/11 is just as pressing a matter as its all-caps name suggests. With eleven new ways to break into a network, hospitals, military offices, and energy producers will all need to stay sharp against this purely software-based threat to their safety.