May 24, 2024 at 09:24AM
Thousands of computers are at risk of complete takeover due to a backdoor injected into the Justice AV Solutions (JAVS) Viewer v8.3.7 installer distributed from official servers. The backdoor, discovered by Rapid7, provides attackers with full control over affected systems. Rapid7 recommends updating to version 8.3.8 and re-imaging affected endpoints to remove the backdoor.
Key Takeaways:
– Thousands of computers are at risk due to a backdoor injected into the Justice AV Solutions (JAVS) Viewer v8.3.7 installer, distributed from official servers.
– The backdoor, identified as GateDoor, provides attackers with full control of affected systems, potentially allowing unauthorized PowerShell commands to be executed.
– Rapid7 recommends updating to JAVS Viewer version 8.3.8 to eliminate the malicious code. However, simply updating the Viewer does not clean the system, and affected endpoints should be completely re-imaged to ensure the backdoor is removed.
– It is essential to reset credentials for all accounts that were logged into the infected machines, as attackers may have maintained persistence through backdoors or stolen credentials.
– JAVS offers audio and video recording and management capabilities for courtroom environments, with over 10,000 installations worldwide, primarily in courtrooms, jury rooms, prison facilities, and council, hearing, and lecture rooms.
– S2W and NIST have also identified and reported on the issue, highlighting the severity of the vulnerability (CVE-2024-4978, CVSS score 8.7).