The Taiwanese company QNAP has now released a new update for its NAS systems that addresses the critical security vulnerability CVE – 2020 – 1463 alias “Zerologon” closes. The company recommends that all users install these updates promptly.

In addition, the mentioned security gap affects not only QNAP devices, but also Windows systems. The said vulnerability makes it possible for attackers to gain domain admin rights. In addition to the FBI, the CISA also made it clear in the recent past that many systems have not yet been patched despite the corresponding updates. Corresponding updates for Windows have been available since the Microsoft patch day in August.

If you are currently using your QNAP NAS as a domain controller, you should immediately install the corresponding updates. The following QTS versions have been secured by the manufacturer:

• QTS 4.5.1. 1456 from build 20201015
• QTS 4.4.3. 1439 from build 20200925
• QTS 4.3.6. 1446 from build 20200929
• QTS 4.3.4. 1456 from build 20201006
• QTS 4.3.3. 1432 from build 20201006.

The updates can either be downloaded directly from the QNAP website or installed automatically via the backend. Both QTS 2.x al