SolarWinds rolls out another emergency patch as new attack vector emerges

SolarWinds has released a hotfix for two of its tools after being notified of a serious vulnerability that could open the door to remote code execution.

In an advisory, the company explained that Microsoft reported the vulnerability, which affects its Serv-U Managed File Transfer and Serv-U Secure FTP tools. All versions of the Serv-U software up to 15.2.3 HF1 are said to be vulnerable.

Microsoft provided SolarWinds with a proof of concept, demonstrating how the vulnerability could be exploited, adding that at least one threat actor has already used it.

"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," the company explained. "SolarWinds is unaware of the identity of the potentially affected customers."

All SolarWinds customers should log in to their Customer Portal to access the updates and should apply the 15.2.3 hotfix 2 immediately. Customers not on active maintenance should call SolarWinds, the company added.

SolarWinds is a major target for both private and state-sponsored hacking groups, and was at the center of one of the greatest supply-chain attacks ever pulled off. 

Late last year, a cybercriminal syndicate (believed to be Russian state-sponsored group APT29) managed to compromise an update for a SolarWinds product and, through it, gain access to dozens of financial and tech businesses, as well as government organizations.