Beleaguered software firm SolarWinds has released a hotfix to patch a remote code execution vulnerability in a couple of its Serv-U products, after being informed of its existence, and abuse, by cybersecurity researchers at Microsoft.
A massive cyber-espionage effort was discovered late last year that tainted the software supply chain via a rigged update to SolarWinds software. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to many private-sector companies.
As it disclosed the latest RCE vulnerability in the Serv-U Managed File Transfer and Serv-U Secure FTP products, Microsoft also shared that at least one threat actor has already abused the vulnerability to target victims.
"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers," acknowledged SolarWinds in its security advisory.
SolarWinds’ advisory shares that if successfully exploited, the vulnerability could enable threat actors to run arbitrary code with enhanced privileges. In essence, attackers could install programs, and view, change, or delete data, on any compromised system.
The company has already put out a hotfix to patch the issue, and is urging all customers to apply it to the affected Serv-U products.
SolarWinds has also shared details to help customers identify whether they have been compromised through this Serv-U vulnerability. In addition to checking for SSH connections from a list of IP addresses it believes belong to the threat actor, SolarWinds has published further guidance for administrators to check for signs of break-ins.
Notably, this isn’t the first time security researchers have found issues in Serv-U products. Back in February 2021, a security researcher from Trustwave's SpiderLabs found and reported several vulnerabilities in various SolarWinds products, including one in Serv-U.