Microsoft warns of new vulnerability in SolarWinds products
In a statement issued late last week, SolarWinds says it has been notified by Microsoft of a zero-day vulnerability related to the Serv-U Managed File Transfer Server and Serv-U Secured FTP products – and, by extension, also to Serv-U Gateway, which is a component of both products. The flaw was exploited by a single threat actor to attack a limited set of customers.
According to the alert, an attacker who exploits the flaw would be able to remotely execute arbitrary code with privileges, and could then install programs and view, change or delete data on vulnerable systems.
SolarWinds said the attacks were uncovered by Microsoft teams, who observed them being carried out through remote code execution on SolarWinds Serv-U. In addition, Microsoft presented a proof of concept of the intrusion along with evidence of the zero-day attacks.
The vulnerability affects Serv-U version 15.2.3 HF1, the latest release, dated 5 May 2021, and all previous versions. A hotfix is now available (Serv-U 15.2.3 HF2). Please refer to the security updates table below for the update applicable to your system. The company recommends that customers install these updates immediately.
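To act on the affected-version statement above across more than one server, the check can be scripted. The following is an added example, not code from SolarWinds or from the original article; it assumes version strings are reported in the form used above ("15.2.3 HF1"), and the host names and inventory are constructed sample data.

```python
import re

# Fixed release named in the article: Serv-U 15.2.3 HF2.
FIXED = (15, 2, 3, 2)

# Accepts strings such as "15.2.3 HF1", "Serv-U 15.2.3", "15.1" (format assumed).
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s*(?:HF|Hotfix)\s*(\d+))?", re.IGNORECASE
)


def parse_version(text):
    """Return (major, minor, patch, hotfix) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # Missing patch or hotfix components count as 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def needs_hotfix(text):
    """True if the version is older than 15.2.3 HF2, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None  # surface for manual review instead of guessing
    return version < FIXED


def triage(inventory):
    """Split {host: version string} into update / ok / review lists."""
    result = {"update": [], "ok": [], "review": []}
    for host, reported in sorted(inventory.items()):
        verdict = needs_hotfix(reported)
        key = "review" if verdict is None else ("update" if verdict else "ok")
        result[key].append(host)
    return result


# Constructed inventory; host names and version strings are sample data.
SAMPLE = {
    "ftp-01": "Serv-U 15.2.3 HF1",
    "ftp-02": "15.2.3 HF2",
    "ftp-03": "15.1.7",
    "ftp-04": "15.2.3",
    "ftp-05": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts that land in the "review" list reported a string the parser could not read and should be checked by hand rather than assumed patched.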
According to SolarWinds, this zero-day attack is unrelated to the Orion case involving the company in late 2020. Tampered updates to SolarWinds’ Orion product started one of the largest supply chain attacks in history, which compromised several private-sector companies, but mainly major US government agencies.
At the time, it was assessed that 18,000 customers downloaded the tampered updates believing them to be genuine. Once installed, the updates opened the door to further attacks and subsequent potentially criminal activities, such as espionage and theft of state secrets.
According to SolarWinds, the following are steps that can help determine if your environment has been compromised: