The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions in order to mitigate the impact of this vulnerability in the most efficient way:

Scope

The Centre for Cyber Security Belgium strongly recommends Windows system administrators to install updates for vulnerable systems with the highest priority, after thorough testing.

The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:

• Apply the emergency patch 7.1.2 as soon as possible
• Ensure that the administrative console is accessible only from:
  • Within a private company network
  • VPN
  • Allow-listed IP addresses (cloud environments) 

The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:

Immediately deactivate the SLP service on all ESXi hypervisors which have not yet been updated.

The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:

To secure your device, QNAP and the CCB recommend to regularly update your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:

Since no patch will be made available, the CCB suggests to implement a mitigation via the enforced configuration feature.