SolarWinds security teams are racing to contain an actively exploited zero-day vulnerability. In a recent security advisory, the company said a threat actor is exploiting a flaw in its Serv-U Managed File Transfer and Serv-U Secure FTP products to deploy malware against a limited, targeted set of customers.

The vulnerability appears to be unrelated to the SUNBURST supply-chain attack and backdoor. The attacks were discovered by a Microsoft research team, which identified exploitation of the SolarWinds Serv-U product during its analysis and reported the findings to SolarWinds.

“Microsoft sent a proof of concept of the exploit to the affected company, in addition to evidence of exploitation,” the company’s statement said. Microsoft added that it has no estimate of the number of customers affected and no hypothesis about the attacker’s identity.

In response to the report, SolarWinds issued an emergency update for the vulnerability, which affects Serv-U 15.2.3 HF1 and all earlier versions. The company also published indicators of compromise, but is withholding further technical details so as not to facilitate exploitation before full patches are released.

“The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system,” SolarWinds stated.
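As an added illustration (not code from SolarWinds or from the original article), the following Python script encodes the affected range the advisory states, 15.2.3 HF1 and all prior versions, as a version check that can be run over a host inventory. The hostnames and version strings in the sample inventory are constructed, and the later hotfix number used there is hypothetical; the article does not name the fixed version.

```python
import re

# Affected range as stated in the SolarWinds advisory quoted above:
# Serv-U 15.2.3 HF1 (released May 5, 2021) and every earlier release.
LAST_AFFECTED = "15.2.3 HF1"

# Accepts "15.2.3", "15.2.3 HF1", "15.2.3-HF1", "Serv-U 15.2.3 HF1", in any case.
_VERSION_RE = re.compile(
    r"^\s*(?:serv-?u\s+)?(\d+)\.(\d+)\.(\d+)(?:[\s-]*hf\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn a Serv-U version string into a comparable (major, minor, patch, hotfix) tuple.

    A release with no hotfix suffix is treated as hotfix 0, so "15.2.3" sorts
    before "15.2.3 HF1" and both sort before a later hotfix of the same release.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version_text):
    """True if the version is 15.2.3 HF1 or older, i.e. inside the advisory's affected range."""
    return parse_version(version_text) <= parse_version(LAST_AFFECTED)


def triage(inventory):
    """Split {hostname: version string} into (affected, not_affected, unparseable) host lists.

    Hosts whose version cannot be parsed are reported separately rather than
    silently marked safe: an unknown version is a gap in the inventory, not a pass.
    """
    affected, clear, unknown = [], [], []
    for host, version_text in sorted(inventory.items()):
        try:
            (affected if is_affected(version_text) else clear).append(host)
        except ValueError:
            unknown.append(host)
    return affected, clear, unknown


# Constructed sample inventory; hostnames and versions are hypothetical.
SAMPLE_INVENTORY = {
    "mft-01.example.net": "15.2.3 HF1",      # latest release at the time of the advisory
    "mft-02.example.net": "15.2.3",          # same release, no hotfix applied
    "sftp-edge.example.net": "Serv-U 15.1.7",
    "mft-03.example.net": "15.2.3 HF2",      # hypothetical later hotfix, not named by the article
    "legacy-ftp.example.net": "unknown",     # version not recorded in the inventory
}

if __name__ == "__main__":
    affected, clear, unknown = triage(SAMPLE_INVENTORY)
    print("needs the emergency update:", affected)
    print("outside the affected range:", clear)
    print("version not determined, check manually:", unknown)
```

The check treats a bare release number as older than its HF1 hotfix and never marks a host clean just because its version could not be read. Confirm the fixed version against the SolarWinds advisory before relying on the upper bound, since only the lower side of the range is stated in the article.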

As noted above, SolarWinds rules out any link between this vulnerability and the severe attacks disclosed several months ago against its Orion platform, which were attributed to threat actors based in Russia. Orion was also targeted in a separate set of incidents linked to hacking groups in China, although those were limited to the delivery of a malware variant, unlike the Russian-attributed campaign, which installed a backdoor on compromised networks.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Another zero-day vulnerability in SolarWinds Serv-U product exploited by cyber criminals appeared first on Information Security Newspaper | Hacking News.
