OfficeKeeper Product Security Action Recommendations

Overview

 

Jiranjikyosoft has released a security update to fix vulnerabilities in its OfficeKeeper product. Users of affected products are advised to update to the latest version.

 

Affected Products

 

All versions of OfficeKeeper Deployment Products

 

Resolved Vulnerabilities

 

File upload and download vulnerabilities in OfficeKeeper products

 

Urgent Checks and Actions

 

o Check the storage folder (/home/storage/) on the server

  Check whether malicious files have been uploaded

  – Malicious files: ofk_storage[1-9].php (ofk_storage1.php, etc.) or grabberr.php, etc.

  Check whether the backup file name obfuscation function is working properly

  – e.g. fff1234abcd_5678.pdf, etc.

o Check for abnormalities such as deletion of storage_account.xml (normal file)

o Check server access logs (check whether abnormal IPs are accessing the check targets)

  Check targets

  – Normal file: /checkout3/storage/ofk_storage/upload_file.php

  – Malicious file: /storage3/ofk_storage[1-9].php

  – Malicious file: /storage3/grabberr.php

o Delete the backup files on the server and disable the automatic file backup function

o Strengthen the access policy, for example by blocking unauthorized IPs from accessing the OfficeKeeper server

o Remove the vulnerability, for example by applying the manufacturer's patch
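
One way to automate the storage-folder and access-log checks above, as an added example that is not part of the original advisory. The access-log format (Apache/nginx common or combined), the allowed_ips parameter and the sample log lines are assumptions.

```python
import re
from collections import defaultdict
from pathlib import Path

# Names the advisory lists as malicious (its "etc." means the list is not exhaustive).
MALICIOUS_NAME = re.compile(r"^(ofk_storage[1-9]|grabberr)\.php$")
# Request paths the advisory lists as access-log check targets.
MALICIOUS_PATH = re.compile(r"^/storage3/(ofk_storage[1-9]|grabberr)\.php$")
UPLOAD_PATH = "/checkout3/storage/ofk_storage/upload_file.php"
# Assumption: the access log uses the Apache/nginx common or combined format.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log lines (documentation-range IPs, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0900] "POST /checkout3/storage/ofk_storage/upload_file.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2024:10:05:00 +0900] "POST /checkout3/storage/ofk_storage/upload_file.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2024:10:05:09 +0900] "GET /storage3/ofk_storage1.php?x=1 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:06:00 +0900] "GET /storage3/grabberr.php HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:07:00 +0900] "GET /index.php HTTP/1.1" 200 100',
]

def find_malicious_files(storage_dir="/home/storage/"):
    """Return files under storage_dir whose names match the advisory's list."""
    return sorted(str(p) for p in Path(storage_dir).rglob("*.php")
                  if p.is_file() and MALICIOUS_NAME.match(p.name))

def scan_access_log(lines, allowed_ips=frozenset()):
    """Map client IP -> hits on the advisory's check targets.

    Any request to a malicious path is reported; requests to the normal
    upload_file.php are reported only when the IP is not in allowed_ips.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not parse as access-log entries
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if MALICIOUS_PATH.match(path):
            hits[ip].append(("malicious", method, path, int(status)))
        elif path == UPLOAD_PATH and ip not in allowed_ips:
            hits[ip].append(("upload", method, path, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for ip, found in scan_access_log(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(ip, found)
```

A 200 response on a malicious path indicates the file was present and served, and an upload from a non-allowlisted IP shortly before such a request is worth correlating.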

 

Referenced Sites

 

[1] Recommended security measures for OfficeKeeper products

https://www.krcert.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71417