Microsoft Found Another Solarwinds Velnurability While Searching Log4j


As per Microsoft, previously unknown attacks on the SolarWinds Serv-U software while searching for Log4J vulnerabilities. The vulnerability discovered in this way has since been fixed. Since December, corporations have been fixing the newly discovered vulnerability in the Log4j Java library and protecting their systems. However, Microsoft had informed some time ago that the problem should be taken seriously, because security experts believe the vulnerability could cause more serious problems than the feared SolwarWinds hacks from 2020 and 2021 did.

Over the past year, more and more horror reports have emerged about the vulnerability of SolarWinds and its magnitude. It is all the more surprising that Microsoft especially discovered a new SolarWinds problem when analyzing the new Log4J vulnerability. Microsoft researchers have, according to the Report by ZDNet after discovering a previously unknown vulnerability in the SolarWinds Serv-U software while monitoring threats related to Log4J vulnerabilities. These attacks had previously gone unnoticed.

Swift response

Jonathan Bar Or tweeted that he noticed serv-u.exe attacks while hunting a Log4J exploit attempt. “Solarwinds responded immediately, investigated and fixed the vulnerability. Their response is the fastest I’ve seen, really great work on their part!” Microsoft then released one: Explanation of the error who now as CVE-2021-35247 to be led.

Patch available

SolarWinds updated the input mechanism to perform additional validation and cleanup. No downstream impact was observed because the LDAP servers ignored illegal characters, the company explained, adding that Serv-U software in version 15.2.5 and more likely to be affected.