SolarWinds has patched three recently discovered vulnerabilities -- two associated with Orion, one involving Serv-U FTP for Windows. The vulnerabilities were unrelated to the widely reported SUNBURST and SUPERNOVA events. In this case, the issues were discovered and documented by SpiderLabs, a research arm owned by MSSP Trustwave.
Left unpatched, the three vulnerabilities "could allow an attacker full remote code execution, access to credentials for recovery, and the ability to read, write to or delete any file on the system," Trustwave asserts.
SolarWinds MSP Partners: No Impact
Five key takeaways for MSPs and MSSPs to keep in mind:
1. Timeline: Trustwave reported all three findings to SolarWinds, and patches were released in a very timely manner, the Top 250 MSSP says. Trustwave disclosed the vulnerabilities to SolarWinds on December 30, 2020, and SolarWinds developed and then released patches on January 22 and 25, respectively.
3. No Known Attacks: To the best of Trustwave’s knowledge, none of the vulnerabilities were exploited during the recent SolarWinds attacks or in any “in the wild” attacks. However, given the criticality of these issues, Trustwave recommends that affected users patch as soon as possible, the company says.
5. More Info: Trustwave has purposely withheld specific Proof of Concept (PoC) code in order to give SolarWinds users more time to patch, but the MSSP will post an update to the disclosure blog that includes the PoC code on February 9.