Jump to content

Microsoft discovers critical SolarWinds zero-day under active attack – Ars Technica


Recommended Posts


And another one...



SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line.


Microsoft discovered the exploits and privately reported them to SolarWinds, the latter company said in an advisory published on Friday. SolarWinds said the attacks are entirely unrelated to the supply chain attack discovered in December.


“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” company officials wrote. “SolarWinds is unaware of the identity of the potentially affected customers.”


Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP—and by extension, the Serv-U Gateway, a component of those two products—are affected by this vulnerability, which allows attackers to remotely execute malicious code on vulnerable systems.




  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...