Users of SolarWinds’ Serv-U file transfer suites urged to install hotfix fast

IT administrators with systems using SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP are being urged to install a hotfix to fix a serious vulnerability.

In a security advisory issued over the weekend, the company said the bug could allow an attacker to run arbitrary code with privileges, install malicious programs, and view, change, or delete data.

Admins who can’t install these updates should see the SolarWinds FAQ for information on how to help protect their system from this vulnerability.

The vulnerability was discovered by Microsoft, which said it found evidence of “limited, targeted customer impact.” It also provided a proof of concept of the exploit.

SolarWinds said it does not currently have an estimate of how many customers may be directly affected by the vulnerability. The company added that the vulnerability in these two applications doesn’t affect any of SolarWinds’ other products.

This follows the discovery of vulnerabilities late last year in a similar file transfer utility, Accellion’s FTA application. These vulnerabilities have led to a number of high-profile data thefts that continue to be revealed by organizations that either were hit before patches were released or didn’t patch fast enough.

The latest to be revealed is a company that provided contact management services to customers of U.S. investment bank Morgan Stanley.

SolarWinds’ Serv-U Managed File Transfer is file transfer protocol server software that offers centralized file transfer management and automation using FTP, FTPS, SFTP and HTTP/S over IPv4 and IPv6 networks. The Serv-U File Transfer Protocol Server is for those needing only file transfer using FTP and FTPS.

SolarWinds customers on active maintenance for the Serv-U product should log into their Customer Portal to access their updates. This update is expected to take only a few minutes to implement.

For those who are not on active maintenance and currently using a Serv-U product, SolarWinds’ Customer Success team will answer questions. Staff should open a customer service ticket with the subject “Serv-U Assistance.”

One sign of compromise is potentially suspicious SSH connections from three IP addresses. SolarWinds added that if SSH isn’t enabled in an organization’s environment the vulnerability does not exist.

“This attack is a Return Oriented Programming (ROP) attack,” it said. “When exploited, the vulnerability causes the Serv-U product to throw an exception and then intercepts the exception handling code to run commands. Please note, several reasons exist for exceptions to be thrown, so an exception itself is not necessarily an indicator of attack.”

The company stresses this vulnerability is unrelated to the infamous Sunburst supply chain attack through which an attacker was able to compromise the update mechanism for the Orion IT management platform.

 

 

 

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com