Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Introduction:

Microsoft has disclosed details of a new security vulnerability in the SolarWinds Serv-U multi-protocol file server software which, it said, was being weaponized by threat actors to propagate attacks that exploit the Log4j flaws and compromise targets.

The weakness lies in the SolarWinds Serv-U application, a managed FTP platform; Microsoft researchers identified the attackers while monitoring attacks against the Log4j flaws. Microsoft said the vulnerability was previously unknown and that it reported it to SolarWinds.


Main Concern:

Microsoft has discovered that the vulnerability, now tracked as CVE-2021-35247, is an input validation flaw that could allow attackers to build a malicious query from their input and send that request over the network without sanitization.

The Serv-U web login screen for LDAP authentication allowed characters that were not sufficiently sanitized.
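As an added illustration (not Serv-U's or SolarWinds' code, and assuming a generic LDAP-backed login that interpolates the username into a search filter), the following Python shows the unsanitized pattern the advisory describes beside an RFC 4515 escaping fix, plus a simple check that flags login names carrying filter metacharacters:

```python
# Added illustrative example; the login flow and filter shape are assumptions,
# not a description of how Serv-U itself builds its LDAP queries.
import re

# RFC 4515 requires these characters to be escaped inside a filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Weak pattern: the raw username is concatenated into the filter."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_filter_safe(username: str) -> str:
    """Hardened pattern: escape before interpolating into the filter."""
    safe = escape_ldap_filter_value(username)
    return f"(&(objectClass=user)(sAMAccountName={safe}))"


def contains_filter_metachars(value: str) -> bool:
    """Detection helper: flag login names that carry LDAP filter syntax,
    which a legitimate account name should never contain."""
    return re.search(r"[()*\\\x00]", value) is not None


# Constructed sample login input containing filter metacharacters.
SAMPLE_INPUT = "alice)*("

if __name__ == "__main__":
    print("unsafe:", build_filter_unsafe(SAMPLE_INPUT))
    print("safe:  ", build_filter_safe(SAMPLE_INPUT))
    print("flag:  ", contains_filter_metachars(SAMPLE_INPUT))
```

Logging the result of the metacharacter check on rejected logins gives a cheap way to spot probing of a login form, independent of whether the LDAP server happens to ignore the characters.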

The IT management software vendor also noted that “no downstream effect has been detected, since LDAP servers ignored improper characters.” It is not immediately clear whether the attacks Microsoft detected were mere attempts to exploit the flaw or whether they were ultimately successful.

The development comes as multiple threat actors continue to exploit the Log4Shell flaws in mass scanning and to infiltrate vulnerable networks to deploy backdoors, coin miners, ransomware, and remote shells that provide persistent access for further post-exploitation activity.


Recommendations:

The vulnerability affects versions 15.2.5 and earlier. After receiving Microsoft's report, SolarWinds updated the input mechanism to perform additional validation.

Users should update the software to the latest available version, i.e. 15.3 or above.