SolarWinds Releases Patch for Actively Attacked Vulnerability in Serv-U Software

SolarWinds has released an update for a zero-day in its Serv-U software. The actively attacked vulnerability allowed remote code execution in the file-sharing software.

The company writes in an advisory that it has implemented a patch in the most recent version of Serv-U. According to SolarWinds, the vulnerability was present in version 15.2.3 HF1, released in May this year, and in all other versions. The company does not provide details about the vulnerability. The bug is tracked as CVE-2021-35211, but there are no details about it in MITRE's National Vulnerability Database either. SolarWinds wants to wait until customers have "had enough time to upgrade." In the meantime, the company is calling on customers to install the patch through the customer portal.

The vulnerability was discovered by Microsoft security researchers. According to the discoverers, systems belonging to "a targeted group of customers" were attacked by a single attacker. The nature of that attack is unknown. The vulnerability is present only in Serv-U Managed File Transfer Server and Serv-U Secured FTP, not in the company's MSP software or in enterprise packages like Orion.

The latter software is where the company ran into problems at the end of last year. At that time, attackers broke into the company and distributed spying malware via an infected update. It is not known whether the current attacks are related to those from December.