SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack - silversurfer - 14 July 21
Quote:SolarWinds has issued a hotfix for a zero-day remote code execution (RCE) vulnerability already under active, yet limited, attack on some of the company’s customers.
Microsoft alerted the company about the flaw, which affects its Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Specifically, the vulnerability exists in the latest Serv-U version 15.2.3 HF1 released on May 5 of this year, as well as all prior versions, the company said in a security advisory posted over the weekend.
Microsoft provided a proof-of-concept (PoC) exploit to SolarWinds, demonstrating how a threat actor who successfully exploits the vulnerability could run arbitrary code with privileges, according to the advisory.
“An attacker could then install programs; view, change or delete data; or run programs on the affected system,” the computing giant said.
Though the current threat appears to be from a sole actor and “involves a limited, targeted set of customers,” SolarWinds wanted to remedy the situation before it could escalate, the company said. “Our joint teams have mobilized to address it quickly,” according to the advisory.
SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted. The company is recommending that all customers using the affected products update now, which can be done by accessing the company’s customer portal.
Read more: SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack | Threatpost
|