Microsoft discovers SolarWinds zero-day exploited in the wild

US software company SolarWinds released a security update on Saturday to patch a vulnerability in its Serv-U file transfer technology that is being actively exploited in the wild.

The attacks and the vulnerability were discovered by Microsoft, SolarWinds said in a security advisory published over the weekend.

Tracked as CVE-2021-35211, the vulnerability is a remote code execution (RCE) bug that can be exploited via the SSH protocol to run malicious code with elevated privileges on the affected Serv-U installation.

The Texas-based company said the vulnerable Serv-U technology was only included with the Serv-U Managed File Transfer and Serv-U Secure FTP products and that no other SolarWinds application is affected.

  • Neither SolarWinds nor Microsoft said when the attacks abusing CVE-2021-35211 started nor who was behind them.
  • A Serv-U hotfix was released on Friday, July 9, 2021 — v15.2.3 HF2.
  • SolarWinds shared some indicators of compromise (IOCs) related to the attacks in its security advisory. We will not be reproducing them here in case SolarWinds updates the IOCs.
  • All Serv-U versions prior to v15.2.3 HF2, released on Friday, are vulnerable to attacks.
  • Disabling SSH access on the two affected products prevents exploitation, and is the stopgap for installations that cannot apply the hotfix immediately.
  • According to a Censys search query, there are more than 8,200 SolarWinds Serv-U systems exposing their SSH port online.
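The bullets above give defenders two practical facts: the patch level that matters (15.2.3 HF2) and the fact that the bug is only reachable over SSH. The following triage helper, an added example that is not part of the article or of SolarWinds' own tooling, grabs the SSH identification string from a host and classifies it against that patch level. It assumes Serv-U announces itself as "SSH-2.0-Serv-U_<dotted version>" (an assumption about the banner format, not something the article states; verify against a known host before trusting it), and because the article gives no build number for HF2, a 15.2.3 banner is reported as "check hotfix level" rather than guessed at. The sample banners are constructed, not captured from real systems.

```python
"""Triage helper for CVE-2021-35211 exposure (added example, not from the article).

Assumptions not stated on the page:
  * Serv-U's SSH identification string looks like "SSH-2.0-Serv-U_15.1.6.25"
    (product name, underscore, dotted version). Confirm against your own hosts.
  * The page says releases before 15.2.3 HF2 are vulnerable but gives no build
    number for HF2, so a 15.2.3 banner is flagged for a manual hotfix check.
"""
import re
import socket
from typing import Dict, Iterable, Optional, Tuple

# The release that carries the fix (hotfix HF2), per the SolarWinds advisory.
PATCHED_RELEASE = (15, 2, 3)

# Assumed banner shape: "SSH-2.0-Serv-U_<major>.<minor>.<patch>[.<build>]"
_BANNER_RE = re.compile(r"^SSH-2\.0-Serv-U_(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_servu_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the dotted Serv-U version from an SSH banner, or None if it is not Serv-U."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify(banner: str) -> str:
    """Map a banner to one of: not-serv-u, vulnerable, check-hotfix, patched-release."""
    version = parse_servu_version(banner)
    if version is None:
        return "not-serv-u"
    # Compare on major.minor.patch only; pad short versions such as "15.2" with zeros.
    release = tuple(version[:3]) + (0,) * (3 - len(version[:3]))
    if release < PATCHED_RELEASE:
        return "vulnerable"        # every release before 15.2.3 is affected
    if release == PATCHED_RELEASE:
        return "check-hotfix"      # 15.2.3 without HF2 is affected; the banner alone cannot tell
    return "patched-release"       # newer than 15.2.3


def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Read the server identification line an SSH service sends on connect (network call)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        data = b""
        while b"\n" not in data and len(data) < 256:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
    return data.split(b"\n", 1)[0].decode("ascii", "replace").rstrip("\r")


def triage(banners: Iterable[str]) -> Dict[str, str]:
    """Classify a batch of already-collected banners (so no network is needed)."""
    return {b: classify(b) for b in banners}


# Constructed sample banners for offline use; version numbers are illustrative only.
SAMPLE_BANNERS = [
    "SSH-2.0-Serv-U_15.1.6.25",   # older release: vulnerable
    "SSH-2.0-Serv-U_15.2.3.1",    # fixed release line: hotfix level must be checked by hand
    "SSH-2.0-Serv-U_15.2.4.11",   # hypothetical later release: carries the fix
    "SSH-2.0-OpenSSH_8.4",        # not Serv-U at all
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{banner:32} -> {verdict}")
```

To run it against your own inventory, feed `grab_banner(host)` results for the hosts that expose port 22 (or whatever port Serv-U's SSH listener uses in your environment) into `triage`; anything reported as "vulnerable" or "check-hotfix" should have SSH disabled until 15.2.3 HF2 is confirmed on the box, which is the mitigation the advisory gives.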

Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.