SolarWinds issues patch for critical vulnerability
Posted by: GuidePoint Security
Published: July 20, 2021, 2:00pm
Last week, SolarWinds issued a critical patch for its Serv-U file transfer product, urging customers to fix their systems immediately. Researchers at Microsoft notified SolarWinds after discovering the vulnerability being exploited in the wild by a threat actor in a series of targeted attacks.
The zero-day (tracked as CVE-2021-35211) exists in Serv-U versions 15.2.3 HF (released May 2021) and all prior versions. The vulnerability allows remote cybercriminals to run arbitrary code with privileges and then install programs, view/change/delete data, or run programs on the infiltrated system.
SolarWinds did not indicate the origins of the “single threat actor” involved in the attacks.
In 2020, SolarWinds disclosed a significant supply-chain attack involving the Russian Foreign Intelligence Services. As a result, SolarWinds’ internal corporate systems were breached, and the Orion Software Platform source code was trojanized. This malicious code was used to deliver a backdoor labeled ‘Sunburst’ to approximately 18,000 targets, including U.S. government agencies, the military, and large U.S. corporations.
Next Steps
Cybersecurity professionals consider the continuing attacks on SolarWinds to be extremely serious. Therefore, users are strongly encouraged to patch the vulnerability immediately.
GuidePoint Security encourages businesses to use vulnerability management as a service (VMaaS) to help manage the volume of vulnerabilities and zero-days. Professional penetration testing can also help organizations better understand and identify vulnerabilities in an enterprise system.
In addition, businesses involved in application development are urged to work with application security professionals to ensure that all software releases are as secure as possible.