Hackers have leveraged a zero-day vulnerability in KnowledgeDeliver to deploy web shells, exploiting hardcoded machineKey values in a configuration file. This has enabled ViewState deserialization attacks, ultimately resulting in remote code execution. The absence of a patch for this vulnerability puts defenders at a significant disadvantage, as attackers are already using the exploit.

The exploitation of this zero-day vulnerability highlights the challenges of securing systems against unknown threats. Specifically, the hardcoded machineKey values in the configuration file have created an entry point for attackers to execute arbitrary code, emphasizing the need for robust security measures. The fact that hackers are exploiting this vulnerability before a patch is available [1] underscores the importance of proactive security strategies. For practitioners, this means being prepared to respond quickly to emerging threats, even in the absence of patches, to prevent exploitation of zero-day vulnerabilities.
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
Why This Matters
Zero-day exploitation means the vulnerability is being used before patches exist — defenders are already behind.
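Hardcoded machineKey values of the kind described above can be looked for from the defender's side. The following is an added example, not code from SecurityWeek or from the KnowledgeDeliver vendor; it assumes the keys sit in an ASP.NET-style `<machineKey>` element of a `web.config` file, and the sample configs, key values and host names are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample configs (the key values are made up for this example).
STATIC_CONFIG = """<configuration><system.web>
  <machineKey validationKey="0123ABCD0123ABCD0123ABCD0123ABCD0123ABCD"
              decryptionKey="ABCDEF0123456789ABCDEF0123456789"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""
AUTO_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""

def audit_machine_key(config_xml):
    """Return one finding per static key attribute on any <machineKey>."""
    findings = []
    # Walk every element so <machineKey> under <location> is covered, and
    # compare local names so a namespaced <configuration> root still matches.
    for element in ET.fromstring(config_xml).iter():
        if element.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = (element.get(attr) or "").strip()
            # Missing or "AutoGenerate..." means the runtime creates the key
            # per machine, so nothing is hardcoded in the file.
            if not value or value.lower().startswith("autogenerate"):
                continue
            # Report a fingerprint, never the key, so results can be shared.
            digest = hashlib.sha256(value.upper().encode()).hexdigest()[:16]
            findings.append({"attribute": attr, "fingerprint": digest})
    return findings

def shared_keys(findings_by_host):
    """Map fingerprint -> hosts for keys present on more than one host."""
    hosts_by_key = {}
    for host, findings in findings_by_host.items():
        for finding in findings:
            hosts_by_key.setdefault(finding["fingerprint"], set()).add(host)
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}

if __name__ == "__main__":
    fleet = {"lms-a": audit_machine_key(STATIC_CONFIG),
             "lms-b": audit_machine_key(STATIC_CONFIG),
             "lms-c": audit_machine_key(AUTO_CONFIG)}
    for fingerprint, hosts in shared_keys(fleet).items():
        print(f"static key {fingerprint} reused on {hosts}")
```

A fingerprint that repeats across hosts indicates a key that came with the product rather than one generated for that deployment.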
References
- SecurityWeek. (2026, May 26). Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment. SecurityWeek. https://www.securityweek.com/hackers-exploited-knowledgedeliver-zero-day-for-web-shell-deployment/