Security News > 2021 > July > SolarWinds patches critical Serv-U vulnerability exploited in the wild
SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers.
"Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," the company said in an advisory published on Friday.
"To the best of our understanding, no other SolarWinds products have been affected by this vulnerability. [.] SolarWinds is unaware of the identity of the potentially affected customers."
SolarWinds has addressed the security vulnerability reported by Microsoft with the release of Serv-U version 15.2.3 hotfix 2.
SolarWinds provides additional info on how to find if your environment was compromised during the attacks Microsoft reported.
In March, SolarWinds reported expenses of $3.5 million from last year's supply-chain attack, including costs related to remediation and incident investigation.
News URL
Related news
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)