Sophos Zero Day Vulnerability

In today’s SensCy Cyber Alert, your SensCy team urges Sophos product users to install the new updates immediately. The software company released a patch for its firewall product after they discovered that hackers were using a new zero vulnerability to attack its’ customers’ network. The issue is tracked by the National Institute of Standards and Technology as CVE-2022-3236 and impacts Sophos Firewall v19.0 MR1 (19.0.1) and older versions.

What is a zero-day vulnerability?

In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers, and security researchers were aware of it and could provide a patch/update.

Sophos workaround:

Sophos recommends that users ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest version.

How to check for new updates:

SensCy highly recommends turning on the Automatic Update or Schedule Updates on all Sophos tools.

If you need additional information, use these Sophos links for Update Immediately and Scheduled updates.

Please reach out to SensCy for any additional questions or concerns.