SolarWinds Says Unknown Hackers Exploited Newly Discovered Software Flaw

SolarWinds didn’t identify the hackers involved.

SolarWinds Says Unknown Hackers Exploited Newly Discovered Software Flaw

The page added that SolarWinds "is unaware of the identity of the potentially affected customers"

Highlights
  • SolarWinds said the flaw was "completely unrelated" to last year's hack
  • SolarWinds credited Microsoft researchers for finding the bug
  • The vulnerability exists in the latest Serv-U version 15.2.3 HF1
Advertisement

SolarWinds software firm says that unknown hackers exploited a previously unknown flaw in two of its programmes to go after "a limited, targeted set of customers."

The statement, issued over the weekend, did not identify the hackers involved.

In a question-and-answer page appended to the statement, SolarWinds said the flaw was "completely unrelated" to last year's hack of government networks by alleged Russian spies, a sprawling espionage operation that used the Texas-based software company as a springboard to break into target networks.

The page added that SolarWinds "is unaware of the identity of the potentially affected customers" caught up in the latest hacking campaign.

SolarWinds credited Microsoft researchers for finding the bug. The company said, “SolarWinds was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability. While Microsoft's research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilised to address it quickly.

“The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programmes; view, change, or delete data; or run programmes on the affected system.

SolarWinds did not immediately return a Reuters request seeking comment on the announcement. Microsoft declined to comment.

© Thomson Reuters 2021


What is the best phone to buy right now? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

Further reading: SolarWinds, Microsoft
Jeff Bezos Space Flight: US Approves Blue Origin Licence for Human Space Travel Aboard New Shepard
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »