SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
#1
Information 
Quote:SolarWinds has issued a hotfix for a zero-day remote code execution (RCE) vulnerability already under active, yet limited, attack on some of the company’s customers.
 
Microsoft alerted the company about the flaw, which affects its Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Specifically, the vulnerability exists in the latest Serv-U version 15.2.3 HF1 released on May 5 of this year, as well as all prior versions, the company said in a security advisory posted over the weekend.
 
Microsoft provided a proof-of-concept (PoC) exploit to SolarWinds, demonstrating how a threat actor who successfully exploits the vulnerability could run arbitrary code with privileges, according to the advisory.
“An attacker could then install programs; view, change or delete data; or run programs on the affected system,” the computing giant said.
 
Though the current threat appears to be from a sole actor and “involves a limited, targeted set of customers,” SolarWinds wanted to remedy the situation before it could escalate, the company said. “Our joint teams have mobilized to address it quickly,” according to the advisory.
 
SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted. The company is recommending that all customers using the affected products update now, which can be done by accessing the company’s customer portal.

Read more: SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack - by silversurfer - 14 July 21, 11:41

Forum Jump:


Users browsing this thread: 3 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>