CATEGORIES
home News

Microsoft Discovers 0-Day Vulnerability Actively Exploited In SolarWinds FTP Product

by Nathan OrdWednesday, July 14, 2021, 09:14 AM EDT
microsoft discovers 0 day vulnerability actively exploited in solarwinds products
Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability that allowed this exploit has since been patched, but it is still disconcerting, nonetheless.

Tracked as CVE-2021-35211, the vulnerability reported to SolarWinds by Microsoft resided in Serv-U’s version of the Secure Shell (SSH) protocol, explains Microsoft’s Threat Intelligence Center (MSTIC). If Serv-U’s SSH happened to be exposed to the internet, black hat hackers could exploit the vulnerability; thus allowing for remote code execution with privileges, leading to malware installations or unwanted data access.

servu console microsoft discovers 0 day vulnerability actively exploited in solarwinds products

Microsoft found that this vulnerability was being actively exploited by a threat actor group based out of China, dubbed DEV-0322 by Microsoft. Through routine checks by Microsoft 365 Defender, an “anomalous malicious process was found to be spawning from the Serv-U process, suggesting that it had been compromised.” Then, the threat actors would run commands and create administrative users to do more malicious work.

MSTIC further observed that the group, who used VPN solutions and compromised consumer routers among their infrastructure, targeted organizations in the U.S. Defense Industrial Base sector and software companies. Thankfully, SolarWinds responded quickly to Microsoft’s discovery and has now pushed a patch that all Serv-U customers should now download. Once again, this is a stark reminder that cybersecurity is an important investment and requires continual research.

Tags:  Microsoft, security, cybersecurity, (nasdaq:msft), solarwinds, microsoft-defender
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment