Home / News & Notice

Security Exploit in July 18, 2017 Build

Posted Aug 7, 2017

Updated Aug 15, 2017

Kaspersky Labs has issued a press release regarding this issue along with a joint statement with NetSarang which can be read here:

https://usa.kaspersky.com/about/press-releases/2017_shadowpad-attackers-hid-backdoor-in-software-used-by-hundreds-of-large-companies-worldwide


On Friday August 4th, 2017, our engineers in cooperation with Kaspersky Labs discovered a security exploit in our software specific to the following Builds which were released on July 18, 2017. Currently, there is no evidence that the exploit was utilized. As of Aug 15, 2017, Kaspersky Labs has discovered a single instance of this exploit being utilized in Hong Kong.

Affected Builds

  • Xmanager Enterprise 5.0 Build 1232
  • Xmanager 5.0 Build 1045
  • Xshell 5.0 Build 1322
  • Xftp 5.0 Build 1218
  • Xlpd 5.0 Build 1220

Build numbers before and after the above Builds were not affected. If you are using any of these above listed Builds, we highly recommend you cease using the software until you update your clients. The exploit was effectively patched with the release of our latest Build on August 5th, so if you’ve already updated, then your clients are secure. The latest Builds are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.

How to Update

If you are using the affected Build, you can update by going to Help -> Check for Updates directly in your client or download the latest Build from our website here: https://www.netsarang.com/download/software.html.

The antivirus industry has been informed of the issue and therefore your antivirus may have already quarantined/deleted the dll file which was affected. If this is the case, you will not be able to run the software. You’ll need to update manually by downloading the latest build from the link posted above. Installing the updated build over your existing installation will resolve the issue.

We are working with Kaspersky Labs to further evaluate the exploit and will update our users with any pertinent information.