Sophos Utm Up2date



Administrators of the Sophos UTM appliance should not install the recently released Sophos UTM 9.703 firmware, as it may cause massive issues. Sophos has pulled this firmware update. Addendum: Sophos confirmed the issues and is testing a fix that will be available soon.

After installing the module you can use the cmdlet Set-EndpointsInUtm to update IPs and URLs used by Microsoft directly in Sophos UTM. The most important parameters you are going to use are: UtmApiUrl: This is the URL of the API Endpoint (without the trailing slash) and tells the cmdlet how to contact Sophos UTM.

Hi, I know that this is impossible. But actually I can't connect a monitor to my Astaro. I think that it should be a great idea to allow beta testers to upgrade from the current version to the beta using something like a command line (for example dist-upgrade).

Sophos UTM is a complete, hardware-based security solution for corporate networks, including firewall etc. (see this Sophos website).

Sophos UTM 9.703 distributed via Up2Date

A few hours ago, Sophos began distributing the Sophos UTM 9.703 firmware version via Up2Date. This firmware update addresses a number of security vulnerabilities. Thorsten Sult had discussed this update and the closed vulnerabilities in this German blog post. This morning I received an email from Thorsten with the note:

Important information about the new firmware for Sophos UTM 9.703. Do not install this update. Unfortunately Sophos distributed it yesterday and today via Up2Date.

Nasty issues with Sophos UTM 9.703

There is a post on the Sophos forums by Bob, who has been experiencing nasty problems in his lab environment.

DO NOT INSTALL 9.703!!!

My lab system was Up2Dated to 9.703 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped. My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes. I could not identify the problem with top, but did see a lot of zombie confd processes. I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.

After installing the firmware update, all connections from the network to the outside were interrupted. He was unable to resolve this issue and recommended that Sophos remove the firmware update from the FTP server. In the thread other users describe problems with the firmware update.

Update pulled

Sophos itself has since posted a notice on the page announcing the firmware update for UTM Up2Date 9.703, stating that the firmware update has been temporarily withdrawn. An advisory from Sophos on the issue, ‘Sophos UTM – Traffic not passing after upgrading to v9.703’, has also been released. It appears to have only affected a subset of Sophos UTM v9.703 systems.

Thorsten Sult points out in this blog post that the same applies to Sophos XG. Thanks to Thorsten for pointing this out.

A revision is being tested now

Addendum: German blog reader Thorsten Sult informed me via a comment (thanks for that) that Sophos has updated advisory 135383 to reflect the issue. Incorrect communication between support and customers resulted in a fix for a reported issue not being included in the update. In addition, Sophos admits to inadequate testing due to the communication issues. The v9.703 firmware update is due to be released this week (starting 20 April 2020) – if testing is successful.

Sophos released UTM 9.705. The release will be rolled out in phases.

  • In phase 1 you can download the update package from their download server
  • In phase 2 they will make it available via their Up2Date servers to all installations

News

  • Maintenance Release

Remarks

  • System will be rebooted

Issues Resolved

  • NUTM-12235 [Basesystem, SUM] UTM not accessible through SUM gateway manager
  • NUTM-12234 [Basesystem] Remote Code Execution vulnerability in UTM WebAdmin
  • NUTM-12250 [Wireless] AP Wireless Networks restart continuously-9.704

IMPORTANT: This release fixes a Remote Code Execution vulnerability in UTM WebAdmin. If you have the WebAdmin or Userportal open to any IP (which of course you have not), it could be exploited!! During COVID-19 there have been a lot of attacks on perimeter equipment, so an exploit is likely to happen!

Another fix: when you used Single Sign On from SUM, you did not get to the dashboard of the UTM. This is also fixed with 9.705 – I have tested it 🙂
