{"id":20635,"date":"2021-07-13T18:51:44","date_gmt":"2021-07-13T16:51:44","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=20635"},"modified":"2022-11-04T11:45:48","modified_gmt":"2022-11-04T10:45:48","slug":"solarwinds-patcht-kritische-serv-u-schwachstelle-juli-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/07\/13\/solarwinds-patcht-kritische-serv-u-schwachstelle-juli-2021\/","title":{"rendered":"SolarWinds patches critical Serv-U vulnerability (July 2021)"},"content":{"rendered":"

\"Sicherheit[German<\/a>]US Vendor SolarWinds, hacked in 2020 and allowing attackers to infiltrate thousands of customer systems via Orion software, has now closed a 0-day vulnerability in Serv-U with an update. The remote execution vulnerability CVE-2021-35211, which occurs in the file transfer functions, has already been exploited in the wild.<\/p>\n

<\/p>\n

\"\"The vulnerability was discovered by Microsoft (see also the following tweet<\/a>). Catalin Cimpanu has compiled the details in this article<\/a> – another post can be found at Bleeping Computer<\/a>.<\/p>\n

\"SolarWinds<\/a><\/p>\n

Last week Friday (July 10, 2021), SolarWinds issued a security advisory<\/a> addressing. The vendor was recently notified by Microsoft about a vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP. As a result, a hotfix was developed to address this vulnerability. Although Microsoft's research indicates that this vulnerability is only being exploited by a limited number of customers and a single threat actor, the vulnerability was quickly addressed through a patch.<\/p>\n

The vulnerability exists in the latest Serv-U version 15.2.3 HF1, released on May 5, 2021, as well as all previous versions. An attacker who successfully exploited this vulnerability could execute arbitrary code with privileges. An attacker could then install programs; view, modify, or delete data; or run programs on the affected system.<\/p>\n

The vendor recommends customers install these updates immediately. Alternatively, SSH can be installed on affected products to prevent exploitation of the vulnerability. Further details can be found in the SolarWinds security advisory.<\/p>\n

Addendum:<\/strong> Microsoft has published this blog post<\/a>. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures.<\/p>\n

Similar articles:<\/strong>
\nFireEye hacked, Red Team tools stolen<\/a>
\nUS Treasury and US NTIA hacked<\/a>
\nSolarWinds products with SunBurst backdoor, cause of FireEye and US government hacks?<\/a>
\nSloppiness at SolarWinds responsible for compromised software?<\/a>
\nNews in the fight against SUNBURST infection, domain seized<\/a>
\nSUNBURST malware: Analytic Tool SolarFlare, a 'Kill Switch' and EINSTEIN's fail<\/a>
\nSUNBURST malware was injected into SolarWind's source code base<\/a>
\nSUNBURST: US nuclear weapons agency also hacked, new findings<\/a>
\nSolarWinds hack: Microsoft and others also affected?<\/a>
\nSUNBURST hack: Microsoft's analysis and news<\/a>
\n2nd backdoor found on infected SolarWinds systems<\/a>
\nSolarWinds hackers had access to Microsoft source code<\/a>
\nSolarWinds hack: Hacker goals; outsourcing are under investigation?<\/a>
\nNews from the SolarWinds hack; JetBrains software as a gateway?<\/a>
\nKaspersky: SolarWinds Sunburst backdoor resembles Russian ATP malware<\/a>
\nSolarLeaks allegedly offers source code from Cisco, Microsoft and SolarWinds<\/a>
\nMalwarebytes also successfully hacked by the SolarWinds attackers<\/a>
\nFour more security vendors confirm SolarWinds incidents<\/a>
\nAccusation: Microsoft failed with security in the SolarWinds hack<\/a>
\nSolarWinds: Update for Orion software; attackers had access to top DHS accounts<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]US Vendor SolarWinds, hacked in 2020 and allowing attackers to infiltrate thousands of customer systems via Orion software, has now closed a 0-day vulnerability in Serv-U with an update. The remote execution vulnerability CVE-2021-35211, which occurs in the file transfer … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[69,1544,195],"class_list":["post-20635","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-security","tag-software","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=20635"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20635\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=20635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=20635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=20635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}