Microsoft discovers SolarWinds zero-day exploited in the wild - The Record by Recorded Future
US software company SolarWinds released security updates on Saturday to patch a vulnerability in its Serv-U file transfer technology that is being actively exploited in the wild.
The attacks and the vulnerability were discovered by Microsoft, SolarWinds said in a security advisory published over the weekend.
Tracked as CVE-2021-35211, the vulnerability is a remote code execution (RCE) bug that can be exploited via the SSH protocol to run malicious code with elevated privileges on SolarWinds applications.
The Texas-based company said the vulnerable Serv-U technology was only included with the Serv-U Managed File Transfer and Serv-U Secure FTP products and that no other SolarWinds application is affected.
Neither SolarWinds nor Microsoft said when the attacks abusing CVE-2021-35211 started or who was behind them.
A Serv-U hotfix was released on Friday, July 9, 2021 — v15.2.3 HF2.
SolarWinds shared some indicators of compromise (IOCs) related to the attacks in its security advisory. We will not be reproducing them here in case SolarWinds updates the IOCs.
All Serv-U versions prior to v15.2.3 HF2, released on Friday, are vulnerable to attacks.
Disabling SSH access on the two affected products prevents exploitation.
According to a Censys search query, there are more than 8,200 SolarWinds Serv-U systems exposing their SSH port online.
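An added defender-side triage check, not part of the article or of any SolarWinds tooling: it parses Serv-U version strings in the advisory's "v15.2.3 HF2" form (the accepted spellings are an assumption) and flags any build below the hotfix as needing the update.

```python
import re
from typing import Dict, Tuple

# Fixed build named in the SolarWinds advisory: v15.2.3 HF2.
FIXED_VERSION = "15.2.3 HF2"

# Assumed format: optional "v", three numeric fields, optional "HF<n>" hotfix suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\s*HF(\d+))?$", re.IGNORECASE)


def parse_serv_u_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '15.2.3', 'v15.2.3 HF2' or '15.2.2hf1' into (major, minor, patch, hotfix).

    A release with no hotfix suffix is hotfix 0, so '15.2.3' sorts below '15.2.3 HF1'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def is_vulnerable_to_cve_2021_35211(version: str) -> bool:
    """True when the installed build predates the fix (anything below 15.2.3 HF2)."""
    return parse_serv_u_version(version) < parse_serv_u_version(FIXED_VERSION)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patch' or 'ok' for a {host: version} inventory."""
    return {
        host: ("patch" if is_vulnerable_to_cve_2021_35211(ver) else "ok")
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "mft-01.example": "15.2.3 HF1",
        "sftp-02.example": "v15.2.3 HF2",
        "mft-03.example": "15.2.1",
    }
    for host, verdict in triage(sample).items():
        print(host, verdict)
```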