SolarWinds issues yet another emergency patch after hackers strike again


Beleaguered software firm SolarWinds has released a hotfix to patch a remote code execution vulnerability in a couple of its Serv-U products, after being informed of its existence, and abuse, by cybersecurity researchers at Microsoft.

A massive cyber-espionage effort was discovered late last year that tainted the software supply chain via a rigged update to SolarWinds software. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to many private-sector companies.

As it disclosed the latest RCE vulnerability in the Serv-U Managed File Transfer and Serv-U Secure FTP products, Microsoft also shared that at least one threat actor has already abused the vulnerability to target victims.  

"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers," acknowledged SolarWinds in its security advisory.

Hot fix

SolarWinds’ advisory shares that if successfully exploited, the vulnerability could enable threat actors to run arbitrary code with enhanced privileges. In essence, attackers could install programs, and view, change, or delete data, on any compromised system.

The company has already put out a hotfix to patch the issue, and is urging all customers to apply it to the affected Serv-U products.

SolarWinds has also shared details to help customers identify whether they have been compromised through this Serv-U vulnerability. Besides checking for SSH connections from a list of IP addresses it believes belong to the threat actor, the company has published further guidance for administrators to check for signs of break-ins.

Notably, this isn’t the first time security researchers have found issues in Serv-U products. Back in February 2021, a security researcher from Trustwave's SpiderLabs found and reported several vulnerabilities in various SolarWinds products, including one in Serv-U.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.