Aikido Exploit and Its Impact on SonicWall Capture Client

First Published: 12/13/2022 | Last Updated: 12/16/2022

Overview

On December 7, 2022, a SafeBreach security researcher disclosed a vulnerability dubbed “Aikido,” with subsequent proof-of-concept (POC) exploit code that can potentially turn EDR agents running on Microsoft Windows endpoints into malicious data wipers. 

The exploit has been confirmed to work with six vulnerable EDR products, including the SentinelOne Agent for Microsoft Windows. SonicWall Capture Client leverages the SentinelOne Agent to deliver advanced endpoint protection.

The SonicWall Product Security & Incident Response Team (PSIRT) is not aware of active exploitation in the wild. While reports of a proof of concept have been made public by the SafeBreach researcher, malicious use of this vulnerability has not been reported to SonicWall.

Affected Products

The Aikido exploit affects SonicWall Capture Client users with SentinelOne Agent for Windows on all versions older than those mentioned in the workaround below.

Workaround

SentinelOne has released a policy override that can be enabled on affected endpoints running versions 22.1.5.11025, 22.2.3.402 or 22.2.4.558 to fix the vulnerability. SonicWall has already applied this policy override to all affected endpoints running SonicWall Capture Client.

Solution

SonicWall Capture Client users running SentinelOne Agent for Windows 22.2.3.402 will not be affected. SonicWall has promoted this version as a SonicWall-managed release, which will trigger an automatic update for all endpoints configured with a SonicWall-managed release as part of the Client policy.

Customers managing endpoints with a Self-Managed release older than SentinelOne Agent 22.2.3.402 for Windows are recommended to upgrade to the latest SonicWall-managed release for the SentinelOne Agent for Windows.

NOTE: A reboot is required after performing the update.

SentinelOne released a Security Notice on December 9, 2022, confirming that the fix will be automatically enabled in the upcoming SentinelOne Agent for Windows 22.3.

Additional Resources