SolarWinds, Alerted By Microsoft, Patches Serv-U Vulnerability

SolarWinds has developed a patch to fix a Serv-U Managed File Transfer Server and Serv-U Secured FTP vulnerability, which was discovered by Microsoft.

The newly discovered vulnerability is unrelated to the SolarWinds Orion cyberattacks, which were discovered in December 2020. Also, the Serv-U vulnerability did not involve any products from N-able, the MSP software company that SolarWinds is spinning off this month.

Microsoft’s research indicates that the Serv-U vulnerability exploit “involves a limited, targeted set of customers and a single threat actor.” A threat actor who successfully exploited the vulnerability could “run arbitrary code with privileges, and then then install programs; view, change, or delete data; or run programs on the affected system,” the SolarWinds alert said.

MSPs and MSSPs can patch customers’ Serv-U systems by reading this FAQ from SolarWinds.

Return Home

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *