Microsoft discovers zero-day bug in SolarWinds Serv-U

Microsoft has discovered a zero-day vulnerability in SolarWinds Serv-U software that allows remote code execution. The US company promptly released a patch that solves the problem. This new bug is unrelated to the known SUNBURST attack carried out in December 2020 by the cybercriminal group Cozy Bear against the Orion software.

Serv-U Vulnerability: Attack in progress

Microsoft has notified SolarWinds that it has detected ongoing attacks exploiting the zero-day vulnerability, identified as CVE-2021-35211. The Redmond company has provided details on the exploit, which at the time was used to target a limited number of customers. SolarWinds does not know the exact number or identity of the customers.

Affected products are Serv-U Managed File Transfer and Serv-U Secure FTP. The bug, present in versions 15.2.3 HF1 and earlier, can be exploited to access computers running Serv-U with elevated privileges. This then allows an attacker to perform various dangerous actions, such as installing and running programs and viewing, changing and deleting data.

As a preventative measure it is advisable to disable SSH access (if enabled), but SolarWinds suggests installing the Serv-U 15.2.3 HF2 update as soon as possible. after giving customers sufficient time to update their systems. In the security advisory published on the official site there is useful information, including indicators of the attack.
