SolarWinds issues yet another emergency patch after hackers strike again
At least one threat actor found abusing new vulnerability
Beleaguered software firm SolarWinds has released a hotfix to patch a remote code execution vulnerability in a couple of its Serv-U products, after being informed of its existence, and abuse, by cybersecurity researchers at Microsoft.
A massive cyber-espionage effort was discovered late last year that tainted the software supply chain via a rigged update to SolarWinds software. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to many private-sector companies.
As it disclosed the latest RCE vulnerability in the Serv-U Managed File Transfer and Serv-U Secure FTP products, Microsoft also shared that at least one threat actor has already abused the vulnerability to target victims.
"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers," acknowledged SolarWinds in its security advisory.
Hot fix
SolarWinds’ advisory shares that if successfully exploited, the vulnerability could enable threat actors to run arbitrary code with enhanced privileges. In essence, attackers could install programs, and view, change, or delete data, on any compromised system.
The company has already released a hotfix to patch the issue, and is urging all customers to apply it to the affected Serv-U products.
SolarWinds has also shared details to help customers identify whether they have been compromised through this Serv-U vulnerability. In addition to checking for SSH connections from a list of IP addresses it believes belong to the threat actor, the company has published further guidance for administrators to check for signs of break-ins.
Notably, this isn’t the first time security researchers have found issues in Serv-U products. Back in February 2021, a security researcher from Trustwave's SpiderLabs found and reported several vulnerabilities in various SolarWinds products, including one in Serv-U.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.