The first clean version of NetExtender Windows is 10.2.341. For Palo Alto, users should either install GlobalProtect 6.2.6, or run their VPN client in FIPS-CC mode.

About 10,000 enterprise servers running Palo Alto Networks’ GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10.

Palo Alto Networks Globalprotect app is used to establish VPN connections. A vulnerability allows attackers to inject malicious code and install it on vulnerable computers with elevated privileges.

Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities.

The first clean version of NetExtender Windows is 10.2.341. For Palo Alto, users should either install GlobalProtect 6.2.6, or run their VPN client in FIPS-CC mode.