Microsoft finds critical SolarWinds zero-day under active attack


SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is struggling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line.

Microsoft discovered the exploits and privately reported them to SolarWinds, the latter company said in a notice on Friday. SolarWinds said the attacks are unrelated to the supply chain attack discovered in December.

“Microsoft has provided evidence of limited and targeted customer impact, although SolarWinds does not currently have an estimate of the number of customers who may be directly affected by the vulnerability,” company officials wrote. “SolarWinds is not aware of the identity of potentially affected customers.”

Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP, and by extension the Serv-U Gateway, which is a component of both products, are affected by the vulnerability, which allows attackers to remotely execute malicious code on vulnerable systems.

If exploited, the vulnerability gives an attacker privileged access to the machine hosting Serv-U. An attacker could then install programs; view, modify or delete data; or run programs on the affected system. The vulnerability exists in the latest release, Serv-U 15.2.3 HF1, published May 5, and in all earlier versions.

SolarWinds has released a hotfix to mitigate attacks while the company works on a permanent fix. Customers running Serv-U 15.2.3 HF1 should apply hotfix (HF) 2; those on Serv-U 15.2.3 must apply 15.2.3 HF1 and then 15.2.3 HF2; and those on versions earlier than 15.2.3 should upgrade to Serv-U 15.2.3, apply 15.2.3 HF1, and then apply 15.2.3 HF2. The company recommends that customers install the fixes immediately.

The fixes are available from SolarWinds. Disabling SSH access in Serv-U also prevents exploitation.
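The following is an added example, not code from SolarWinds or from the original article. It turns the upgrade sequence above into a small checker: given the version string shown in the Serv-U console (such as "15.2.3 HF1"), it returns the remaining steps, and a second helper reads the SSH identification banner from a host so an administrator can confirm the SSH listener really went away after disabling it. The banner prefix "Serv-U_" and the hotfix-to-version mapping are assumptions for illustration; the article does not say how hotfixes appear in the banner, so the banner helper only reports what the service announces and does not try to judge patch level from it.

```python
"""Added example: Serv-U hotfix-path checker and SSH exposure probe.

Assumptions (not stated in the article):
  - the installed version is given the way the console shows it, e.g. "15.2.3 HF1"
  - a Serv-U SSH listener identifies itself with a banner like "SSH-2.0-Serv-U_<build>"
"""
import re
import socket
from typing import List, Optional, Tuple

# The fixed baseline named in the SolarWinds notice: 15.2.3 with HF1 and HF2 applied.
TARGET_BASE = (15, 2, 3)
TARGET_HF = 2

# Matches "15.2.3", "15.2.3 HF1", "15.1.7 hf2" (hotfix suffix optional).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], int]:
    """Split a console-style version string into ((major, minor, patch), hotfix)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Serv-U version string: {text!r}")
    base = tuple(int(x) for x in m.group(1, 2, 3))
    hotfix = int(m.group(4)) if m.group(4) else 0
    return base, hotfix  # type: ignore[return-value]


def remediation_steps(installed: str) -> List[str]:
    """Return the ordered steps still needed to reach 15.2.3 HF2, per the vendor notice."""
    base, hotfix = parse_version(installed)
    if base < TARGET_BASE:
        return ["upgrade to Serv-U 15.2.3",
                "apply Serv-U 15.2.3 HF1",
                "apply Serv-U 15.2.3 HF2"]
    if base == TARGET_BASE:
        if hotfix >= TARGET_HF:
            return []
        if hotfix == 1:
            return ["apply Serv-U 15.2.3 HF2"]
        return ["apply Serv-U 15.2.3 HF1", "apply Serv-U 15.2.3 HF2"]
    # Newer than the version the notice covers; do not guess, send the admin to the advisory.
    return ["version newer than 15.2.3: check the current vendor advisory"]


def ssh_software_from_banner(banner: bytes) -> Optional[str]:
    """Extract the software string from an SSH identification line (RFC 4253 section 4.2).

    Returns None when the line is not an SSH banner at all (e.g. an HTTP response).
    """
    line = banner.split(b"\n", 1)[0].rstrip(b"\r")
    if not line.startswith(b"SSH-"):
        return None
    # "SSH-protoversion-softwareversion [SP comments]"
    parts = line.decode("ascii", "replace").split("-", 2)
    if len(parts) < 3:
        return None
    return parts[2].split(" ", 1)[0]


def is_serv_u_banner(banner: bytes) -> bool:
    """Assumption: Serv-U advertises itself as 'Serv-U_<build>' in the software field."""
    software = ssh_software_from_banner(banner)
    return software is not None and software.startswith("Serv-U_")


def probe_ssh(host: str, port: int = 22, timeout: float = 3.0) -> Optional[bytes]:
    """Return the first bytes a listener sends, or None if nothing accepts the connection.

    Used after 'disable SSH' to confirm the mitigation actually took effect on the host.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            return sock.recv(256)
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample inputs; no network access is needed for these.
    for v in ("15.1.7", "15.2.3", "15.2.3 HF1", "15.2.3 HF2"):
        print(f"{v:12s} -> {remediation_steps(v) or ['up to date']}")
    sample = b"SSH-2.0-Serv-U_15.2.3.742\r\n"  # constructed banner, build number made up
    print("Serv-U listener:", is_serv_u_banner(sample))
```

Run `probe_ssh("<serv-u host>", 22)` against a real host only after disabling SSH in Serv-U: a `None` result means the port no longer accepts connections, while a banner that `is_serv_u_banner` recognises means the service is still reachable and the hotfix path above still applies.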

The federal government attributed last year’s supply chain attack to hackers working for Russia’s SVR foreign intelligence service, a successor to the KGB, which has carried out espionage-focused hacking for decades. That campaign exploited weaknesses in the SolarWinds network to take control of the Austin, Texas-based company’s software build system.

The hackers used this access to push a malicious update to approximately 18,000 customers of SolarWinds’ Orion network management product. Of those customers, around 110 received a follow-on attack that installed a later-stage payload which exfiltrated proprietary data. The malware installed in that campaign is known as Sunburst. SolarWinds reiterated that the exploits now in progress are unrelated.

Late last year, zero-day vulnerabilities in SolarWinds’ Orion product were exploited by a different group of attackers that researchers have linked to the Chinese government. Those attackers installed malware that researchers call SuperNova, and at least one US government agency was targeted in that operation.
