SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U products. The patches were prompted by a notification from Microsoft to the IT management and remote monitoring software maker that the flaw was being exploited in the wild. SolarWinds stated in an advisory, “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability.” It also added that it is “unaware of the identity of the potentially affected customers.”
The impacted Serv-U versions are 15.2.3.HF1 and earlier. Successful exploitation of the flaw could enable an adversary to run arbitrary code on the affected system, including installing malicious programs and viewing, changing, or deleting sensitive data. The company is therefore urging administrators to watch for potentially suspicious connections via SSH from the IP addresses 98[.]176.196.89 and 68[.]235.178.32, or via TCP 443 from the IP address 208[.]113.35.58. Disabling SSH access on the Serv-U installation is another way to prevent compromise until the fix is applied.
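As an added defender-side example (not code from SolarWinds or this article), the following Python script checks a connection log against the three addresses quoted from the advisory, pairing each with the port the article associates with it so that an indicator address seen on an unrelated port is not flagged. The log line format and the sample lines are constructed for the example.

```python
import ipaddress
import re
def refang(indicator: str) -> str:
    """'68[.] 235.178.32' as printed in an advisory -> '68.235.178.32'."""
    return re.sub(r"\s*\[\.\]\s*", ".", indicator.strip())

# Indicators quoted from the SolarWinds Serv-U advisory, each paired with the
# port the advisory associates with it (22 for SSH, 443 for TCP 443).
ADVISORY_INDICATORS = {
    ipaddress.ip_address(refang("98[.]176.196.89")): 22,
    ipaddress.ip_address(refang("68[.] 235.178.32")): 22,
    ipaddress.ip_address(refang("208[.] 113.35.58")): 443,
}

# Assumed (constructed) log format: "<timestamp> src=<ip> dport=<port> <text>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dport=(?P<port>\d+)")

def parse_line(line: str):
    """Return (timestamp, source IP, destination port), or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None
    return m["ts"], src, int(m["port"])

def find_indicator_hits(lines):
    """Return (timestamp, ip, port) for lines matching an advisory indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, port = rec
        # Match on IP and the advisory's port, so an indicator IP on another port is not flagged.
        if ADVISORY_INDICATORS.get(src) == port:
            hits.append((ts, str(src), port))
    return hits

# Constructed sample log: two true hits, one indicator IP on another port,
# one unrelated internal host, and one malformed line.
SAMPLE_LOG = [
    "2021-07-10T02:14:07Z src=98.176.196.89 dport=22 ssh session opened",
    "2021-07-10T02:15:11Z src=10.0.0.5 dport=22 ssh session opened",
    "2021-07-10T02:16:40Z src=208.113.35.58 dport=443 tls handshake",
    "2021-07-10T02:17:02Z src=68.235.178.32 dport=21 ftp login",
    "garbage line with no fields",
]
```

Any hit is a reason to investigate the Serv-U host, not proof of compromise; absence of hits says nothing about traffic from addresses the advisory does not list.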
SolarWinds also stressed in its advisory that the vulnerability is “completely unrelated to the SUNBURST supply chain attack” and that it does not affect its other products, notably the Orion Platform, which suspected Russian hackers exploited to drop malware and dig deeper into targeted networks in order to spy on multiple federal agencies and businesses in one of the most serious security breaches in U.S. history. A string of software supply chain attacks since then has highlighted the fragility of modern networks and the sophistication of threat actors in finding hard-to-spot vulnerabilities in widely used software to conduct espionage and deploy ransomware, in which attackers shut down the systems of businesses and demand payment before allowing them to regain control.
4 responses to “A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack”
Valuable information. Lucky me, I found your website by accident, and I’m shocked why this accident did not happen earlier! I bookmarked it.
Definitely imagine that you stated. Your favorite justification appeared to be on the net the simplest factor to take note of. I say to you, I certainly get irked while folks consider issues that they just do not recognise. You managed to hit the nail upon the top and also defined out the entire thing without having side effects, other people can take a signal. Will likely be back to get more. Thank you
Thanks for sharing superb information. Your website is very cool. I am impressed by the details that you have on this website. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for extra articles. You, my friend, ROCK! I found just the info I had already searched everywhere for and just could not come across. What an ideal web-site.
Valuable info. Lucky me, I found your web site by accident, and I am shocked why this accident did not happen earlier! I bookmarked it.