Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-22906: Impact of skip-2.0 malware on Centrify?

Auditing and Monitoring Service ,   Authentication Service ,  

25 October,19 at 07:21 PM

Question:

New malware has recently been discovered that can create a backdoor to Microsoft SQL 11 (SQL Server 2012) or Microsoft SQL 12 (SQL Server 2014) Servers. This malware is known as Skip-2.0. Centrify relies on Microsoft SQL for its DirectAudit database as well as Reporting Services and Access Manager. What is the impact of this malware on Centrify?


Answer:

Centrify's engineering teams have reviewed the documentation around this malware and has found that Centrify's code is not vulnerable to this exploit. Also, Centrify no longer ships Microsoft SQL 11 or 12 in any of their current packages. Centrify recommends that customers still using SQL 11 or 12 upgrade to SQL Server 2016 as soon as possible to minimize risks to their databases. However, customers may need to contact Microsoft for any licensing questions or issues regarding a SQL upgrade.


More information about this malware can be found here:

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-malware-to-backdoor-microsoft-sql-servers/

https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/







 

Related Articles

 articleKB-20123: Tenant URL Change FAQ for Centrify only article[Security Corner] Centrify and the Microsoft Enhanced Security Administrative Environment (1/3) articleKB-6731: Impact of Badlock (CVE-2016-0128/CVE-2016-2118) on Centrify-Enabled Samba articleKB-2119: The impact of winbindd on Centrify Enabled Samba articleKB-5534: Impact of CVE-2015-5600 on Centrify-Openssh articleKB-5141: Impact of CVE-2015-0240 on Centrify-Enabled Samba articleKB-9060: Impact of SMBLoris (ETR-2017-V005) on Centrify Adbindproxy and Samba articleImpact of SMBLoris (ETR-2017-V005) on Centrify ADBindProxy and Samba articleKB-20836: Tenant Migration FAQ for joint customers of Centrify and Idaptive