WatchGuard Product Update Blog
  1. Now available: Fireware 12.5.3

    bpatterson Tue, 03/31/2020 - 12:08

    WatchGuard has posted Fireware 12.5.3 and WSM 12.5.3 in the Software Download Center. These new releases introduce several key bug fixes and some new enhancements. Full details are provided in the Release Notes and the What’s New presentation. We’ve seen a huge increase in the number of people using Mobile VPN for remote access over the past few weeks, so please note that this release also includes an updated version of the SSL VPN client for Mac and Windows. 

    Key Updates of This Release:

    • Mobile VPN with SSL improvements, including the elimination of an upgrade prompt that did not apply to non-admin users, along with several bug fixes.
    • Gateway Wireless Controller support for the AP225W wall plate access point, which is ideal for multi-dwelling unit (MDU) structures such as dorm rooms, shared office spaces, smart apartments and condos.
    • Trusted Platform Module (TPM) support for registration of Fireboxes to WatchGuard Cloud, eliminating the need to enter a verification code.
    • Web setup wizard has been enhanced to simplify RapidDeploy in environments that do not use DHCP.
    • Support for the latest Autotask API updates. We strongly recommend that all users of the Autotask integration read the relevant notes in the What’s New presentation and upgrade to 12.5.3 before April 15th.

    Software Download Center
    Firebox appliance owners with active support subscriptions can obtain Fireware 12.5.3 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. If you are already running Fireware 12.5.2, you can now use WatchGuard Cloud to simply upgrade the firmware on all of your appliances. 

    Does this release pertain to me?
    Fireware 12.5.3 is available for all Firebox T and Firebox M appliances. The Mobile VPN with SSL 12.5.3 client has also been posted for XTM appliances.

    Contact
    For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

     

  2. General Availability of TDR Machine Learning Enhanced Host Ransomware Prevention

    rarroyo Fri, 03/27/2020 - 07:37

    We are excited to announce the general availability of Machine Learning Enhanced Host Ransomware Prevention!

    Ransomware authors are getting smarter and bolder. Every day they find new ways to avoid detection and steal data. TDR already protects your endpoints from devastating ransomware attacks. As ransomware attacks evolve, we must improve our ability to stop them with faster detection through machine learning.

    Machine Learning for Host Ransomware Prevention

    In 2018, we enhanced TDR's Detection and Response (D&R) engine with machine learning. This significantly increased our general indicator detection rate.

    WatchGuard is now ready to apply those same principles to Host Ransomware Prevention (HRP). The addition of machine learning to HRP results in faster detection rates than our current detection model. With this enhancement, you will see more HRP indicators that result in remediations. 

    We are excited about this new feature and protecting your endpoints for years to come.

    Thank you and enjoy!

    TDR Product Team

  3. TDR AD Helper Credential Disclosure Vulnerability

    rarroyo Thu, 03/12/2020 - 17:50

    Good morning TDR Users, 

    On 11 March 2020, a penetration testing company, RedTeam Pentesting GmbH, disclosed a credential disclosure vulnerability in the AD Helper on exploit-db.com (link below). The disclosure states that when the AD Helper web interface is accessed, it calls an API endpoint that responds with the plaintext credentials for all configured domain controllers.

    On 9 March 2020, WatchGuard released a fix for this vulnerability in AD Helper 5.8.5.10317. In this version, the offending REST endpoint no longer returns plaintext passwords. In addition, the service running the configuration UI will only be available locally through the loopback IP address (localhost/127.0.0.1). This means that users must log in to the computer locally to access the AD Helper Configuration UI.

    Please make sure your AD Helper is up-to-date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper. If your AD Helper cannot communicate with TDR or cannot auto-update, please follow the steps at: https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&SFDCID=kA10H000000g4mPSAQ

    Additionally, if you are unable to update the AD Helper immediately, you can use firewall rules to minimize the exposure of the AD Helper to external networks, which would limit the scope of the vulnerability. While it is still a serious vulnerability, and you will want to patch quickly, most internet-based attackers should not be able to reach this web interface unless you allowed it via your firewall.

    WatchGuard greatly appreciates members of the security community who find and responsibly disclose vulnerabilities in our products so that we can correct them and make our products as secure as possible. We thank RedTeam Pentesting GmbH for responsibly bringing this to our attention.

     

    Sincerely,

    The TDR PM Team

    Exploit-DB Link: https://www.exploit-db.com/exploits/48203

  4. TDR AD Helper Urgent Security Improvement

    rarroyo Mon, 03/09/2020 - 11:57

    Good morning TDR Users,

    WatchGuard has released an AD Helper update, to be deployed immediately. This update resolves an issue found by RedTeam Pentesting GmbH and improves the security of the AD Helper. WatchGuard thanks RedTeam Pentesting GmbH for reporting this issue so that we could resolve it quickly. 

    In AD Helper version 5.8.5.10317 and higher, the service that runs the AD Helper Configuration UI will only be available locally through the loopback IP address (localhost/127.0.0.1). This means that users must now log in to the computer locally to access the AD Helper Configuration UI. 

    Please make sure that your AD Helper is up-to-date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper.

    If your AD Helper cannot communicate with TDR or cannot auto-update:

    1. Open the AD Helper UI and copy the domain information.
    2. Use the Windows Settings or Control Panel to uninstall AD Helper.
    3. Log in to TDR.
    4. Select Devices > AD Helper.
    5. Follow the instructions to download and install AD Helper.
    6. Open the AD Helper UI and specify the domain information you copied in Step 1.

     

    Sincerely,

    The TDR PM Team
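
    A way to verify on the AD Helper host the two conditions that this post and the credential disclosure post above describe: a version of 5.8.5.10317 or higher, and a configuration UI that listens only on loopback. This is an added example, not WatchGuard code; the process name is a placeholder because the page does not give it, the executable's file version is assumed to track the AD Helper version, and the sample rows are constructed.

```powershell
# Added example, not WatchGuard code. Run elevated on the AD Helper host.
$FixedVersion = [version]'5.8.5.10317'       # fixed build named in the advisory
$ProcessName  = '<ad-helper-process-name>'   # placeholder: not given on this page

function Test-FixedVersion {
    param([version]$Installed, [version]$Minimum = $FixedVersion)
    # [version] compares each part numerically, so 5.8.5.9999 sorts below 5.8.5.10317.
    $Installed -ge $Minimum
}

function Get-ExposedListener {
    param([object[]]$Listener)
    # Any listener not bound to IPv4/IPv6 loopback is reachable from other hosts.
    $Listener | Where-Object {
        $_ -and -not ([System.Net.IPAddress]::IsLoopback([System.Net.IPAddress]::Parse($_.LocalAddress)))
    }
}

# Constructed sample rows (port number is arbitrary): wildcard bind vs. loopback bind.
$sample = @(
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 8080 }
    [pscustomobject]@{ LocalAddress = '127.0.0.1'; LocalPort = 8080 }
)
"Sample: {0} of {1} listeners exposed" -f @(Get-ExposedListener $sample).Count, $sample.Count
"Sample: 5.8.5.9999 fixed? {0}" -f (Test-FixedVersion '5.8.5.9999')

# Live check: file version (assumed to track the AD Helper version) and listening sockets.
$procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
if (-not $procs) { Write-Warning "Process '$ProcessName' not found; set `$ProcessName." }
foreach ($p in $procs) {
    if ($p.Path) {
        $vi  = (Get-Item -LiteralPath $p.Path).VersionInfo
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        "PID {0}: version {1}, fixed: {2}" -f $p.Id, $ver, (Test-FixedVersion $ver)
    } else { Write-Warning "PID $($p.Id): cannot read image path; run elevated." }
    $listen = Get-NetTCPConnection -State Listen -OwningProcess $p.Id -ErrorAction SilentlyContinue
    foreach ($l in (Get-ExposedListener $listen)) {
        Write-Warning ("PID {0} listens on {1}:{2} (not loopback)" -f $p.Id, $l.LocalAddress, $l.LocalPort)
    }
}
```

    On a host running the fixed version, the live check prints the version line with `fixed: True` and raises no listener warnings.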

  5. TDR Machine Learning Enhanced Host Ransomware Prevention Beta

    rarroyo Thu, 02/13/2020 - 11:08

    We are excited to announce that Threat Detection and Response has a new feature to Beta test!

    Ransomware authors are getting smarter and bolder. Every day they find new ways to avoid detection and steal data. TDR already protects your endpoints from devastating ransomware attacks. As ransomware attacks evolve, we must improve our ability to stop them with faster detection through machine learning.

    Machine Learning for Host Ransomware Prevention

    In 2018, we enhanced TDR's Detection and Response (D&R) engine with machine learning. This significantly increased our general indicator detection rate. Machine learning enhanced Host Ransomware Prevention (HRP) is now ready for Beta test. The addition of machine learning to HRP results in faster detection rates than our current detection model. With this enhancement, you will see more HRP indicators that result in remediations. 

    To participate in the Beta program, click the link below and follow the instructions provided.

    https://watchguard.centercode.com/key/MLHRP

    Thank you!

    TDR Product Team