SolarWinds Under Attack Again

SolarWinds products are the focus of a new attack discovered by Microsoft.

The software provider, who suffered a supply chain attack that compromised federal agencies and Fortune 500 companies last year, issued a new emergency patch Friday. SolarWinds published an advisory along with a hotfix for the Serv-U product line. Microsoft spotted the vulnerability being exploited in the wild.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” company officials wrote. “SolarWinds is unaware of the identity of the potentially affected customers.”

“The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions,” said SolarWinds. “A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.”

The vulnerability affects Serv-U Managed File Transfer, Serv-U Secure FTP, and the Serv-U Gateway. In their advisory SolarWinds says they believe only the Serv-U tools are affected, and that the attacks were focused on “a limited, targeted set of customers.”

SolarWinds has been the target of three attacks over the past year that we know about. The large Orion attack in December, that targeted nine US agencies, gained large attention and was designated as a nation state attack. A second attack occurred in March when hackers used SolarWinds web-facing servers to spread malware to users. In their statement, the software company said the current attack is not related to the others. Customers should continue to check the advisory page for updates and permanent patches.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright