SolarWinds issues yet another emergency patch after hackers strike again
At least one threat actor found abusing new vulnerability
Beleaguered software firm SolarWinds has released a hotfix to patch a remote code execution vulnerability in a couple of its Serv-U products, after being informed of its existence, and abuse, by cybersecurity researchers at Microsoft.
A massive cyber-espionage effort was discovered late last year that tainted the software supply chain via a rigged update to SolarWinds software. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to many private-sector companies.
As it disclosed the latest RCE vulnerability in the Serv-U Managed File Transfer and Serv-U Secure FTP products, Microsoft also shared that at least one threat actor has already abused the vulnerability to target victims.
“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers,” acknowledged SolarWinds in its security advisory.
Hot fix
SolarWinds’ advisory shares that if successfully exploited, the vulnerability could enable threat actors to run arbitrary code with enhanced privileges. In essence, attackers could install programs, and view, change, or delete data, on any compromised system.
The company has already put out a hotfix to patch the issue, and is urging all customers to apply it to the affected Serv-U products.
SolarWinds has also shared details to help customers identify whether they have been compromised through this Serv-U vulnerability. In addition to checking for SSH connections from a list of IP addresses it believes belong to the threat actor, the company has published further guidance for administrators to check for signs of break-ins.
Notably, this isn’t the first time security researchers have found issues in Serv-U products. Back in February 2021, a security researcher from Trustwave’s SpiderLabs found and reported several vulnerabilities in various SolarWinds products, including one in Serv-U.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.