SolarWinds Discloses Zero-Day Under Active Attack

SolarWinds has issued an advisory confirming a new zero-day affecting its Serv-U Managed File Transfer and Serv-U Secured FTP products. It has developed a hotfix to address the flaw.

The remote code execution vulnerability exists in the latest Serv-U version 15.2.3 HF1 released on May 5, 2021, and all prior versions, the company reported in a weekend advisory. An attacker who successfully exploited the flaw could run arbitrary code with privileges; install programs; view, change, or delete data; or run programs on the affected systems.

SolarWinds learned of the vulnerability from Microsoft, which found attackers already using it.

"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," SolarWinds wrote in its advisory. It is unaware of the identity of the potentially affected customers, officials noted.

This vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP, officials noted, and it does not affect any other SolarWinds or N-able products. The company urges Serv-U users to install the hotfix and said it will publish additional details on the flaw after giving customers time to upgrade.

Read more in SolarWinds' full advisory.