SolarWinds has developed a patch to fix a Serv-U Managed File Transfer Server and Serv-U Secured FTP vulnerability, which was discovered by Microsoft.
The newly discovered vulnerability is unrelated to the SolarWinds Orion cyberattacks, which were discovered in December 2020. Also, the Serv-U vulnerability did not involve any products from N-able, the MSP software company that SolarWinds is spinning off this month.
Microsoft’s research indicates that the Serv-U vulnerability exploit "involves a limited, targeted set of customers and a single threat actor." A threat actor who successfully exploited the vulnerability could "run arbitrary code with privileges, and then then install programs; view, change, or delete data; or run programs on the affected system," the SolarWinds alert said.
MSPs and MSSPs can patch customers' Serv-U systems by reading this FAQ from SolarWinds.
