Breach, Content

SolarWinds, Alerted By Microsoft, Patches Serv-U Vulnerability

SolarWinds has developed a patch to fix a Serv-U Managed File Transfer Server and Serv-U Secured FTP vulnerability, which was discovered by Microsoft.

The newly discovered vulnerability is unrelated to the SolarWinds Orion cyberattacks, which were discovered in December 2020. Also, the Serv-U vulnerability did not involve any products from N-able, the MSP software company that SolarWinds is spinning off this month.

Microsoft’s research indicates that the Serv-U vulnerability exploit "involves a limited, targeted set of customers and a single threat actor." A threat actor who successfully exploited the vulnerability could "run arbitrary code with privileges, and then then install programs; view, change, or delete data; or run programs on the affected system," the SolarWinds alert said.

MSPs and MSSPs can patch customers' Serv-U systems by reading this FAQ from SolarWinds.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.