Microsoft Discovers New SolarWinds Flaw Under Attack

Microsoft Uncovers Remote Code Execution (RCE) Vulnerability & Zero-Day Exploit of SolarWinds Serv-U Product

Microsoft recently alerted the software company SolarWinds to a newly uncovered vulnerability, providing a proof of concept to the company last week. The flaw was found in the SolarWinds Serv-U product, in two IT management utilities used to manage remote file servers: Serv-U Managed File Transfer Server and Serv-U Secured FTP. It affects the latest version (15.2.3 HF1), released by SolarWinds on May 5, 2021, and all prior versions. Microsoft stated “…successful exploitation would give attackers ability to remotely run arbitrary code with privileges, allowing them to perform actions like install and run malicious payloads, or view and change data.” For more details, read the full article.

It was then reported on Tuesday that Microsoft had identified an active 0-day exploit, attributed to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures from the Microsoft Threat Intelligence Center (MSTIC). To read more about the attack and for guidance on detecting this threat, visit Microsoft’s security blog.
