Attacks against FireEye and SolarWinds continue to bring tail. The Qualys research team has identified 7.54 million vulnerabilities related to FireEye’s Red Team assessment tools and compromised versions of SolarWinds Orion .

It has done so through its customer base, close to 16,000 members.

Up to 5.29 million are unique assets , mostly related to the FireEye Red Team case, which, according to Qualys, underscores “the scope of the potential attack surface if it is done misuse of these tools. ”

«The scope of this attack on a country is massive, since overnight a widely used and reliable piece of software has become known malware «, comments Sumedh Thakar , president and chief product officer of the company.

«The good news,» Thakar adds, «is that almost all CVEs are patchable.»

Virtually all cases (99.84%) stem from eight vulnerabilities in Microsoft software that have solutions available .