How the Vulnerability Works
US cybersecurity officials have added a high-severity bug in SolarWinds Serv-U software to a federal alert list after confirming it is being actively exploited in real-world attacks. This flaw affects the multi-protocol file server product and allows an attacker to crash the service without needing any login credentials.
The issue stems from how the software handles specially prepared POST requests that use a particular compression method. When a malicious request is sent, the service consumes excessive resources and shuts down, creating a denial-of-service condition. The vendor has released a hotfix version that resolves the problem and recommends blocking requests with certain headers as an interim protective measure.
Impact and Response Timeline
Federal agencies under civilian executive branch authority have been given a deadline of mid-June to apply the patch across their systems. While the exact methods used by attackers are not yet known, officials have seen active exploitation occurring. Past incidents have shown that similar SolarWinds Serv-U flaws were leveraged by ransomware groups, including the Cl0p gang.
Organizations running exposed instances of this software should prioritize updating immediately. The vulnerability does not require authentication to trigger, which makes it attractive for threat actors looking to disrupt file transfer operations. Security teams should also restrict access only to trusted IP addresses and monitor for unusual traffic patterns targeting their Serv-U deployments.
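The following is an added defensive example, not code from the advisory, the vendor or Serv-U itself. It implements the interim mitigations described above (drop POST requests carrying the flagged compression header unless they come from a trusted range) and generalizes them with a bounded decompressor that refuses to inflate a body past a fixed size, which is the usual guard against compression-driven resource exhaustion. The page names neither the header nor the compression method, so the header name `Content-Encoding`, the blocked encoding value and the trusted network are assumptions, and the sample bodies are constructed.

```python
import gzip
import ipaddress
import zlib

# Assumptions (the advisory names none of these): the screened header is
# Content-Encoding, the blocked encoding value is a placeholder, and the
# trusted range is a constructed example network.
BLOCKED_ENCODINGS = {"placeholder-compression-method"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MAX_DECOMPRESSED = 1 * 1024 * 1024  # hard cap on inflated body size (1 MiB)

# Constructed sample bodies: a normal one and a tiny body that inflates to ~4 MB.
SAMPLE_OK = gzip.compress(b"hello")
SAMPLE_BOMB = zlib.compress(b"A" * 4_000_000)


def screen_request(method, headers, source_ip):
    """Return (allowed, reason) for one request, applying the interim mitigation:
    POSTs carrying a blocked compression header are dropped unless the source
    address lies in a trusted range. `headers` keys must be lower-cased."""
    ip = ipaddress.ip_address(source_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return True, "trusted source"
    encoding = headers.get("content-encoding", "").strip().lower()
    if method.upper() == "POST" and encoding in BLOCKED_ENCODINGS:
        return False, f"blocked encoding {encoding!r} on POST from {source_ip}"
    return True, "ok"


def inflate_bounded(data, limit=MAX_DECOMPRESSED):
    """Inflate a zlib- or gzip-framed body but stop as soon as the output
    exceeds `limit` bytes, so a small compressed request cannot balloon into
    a resource-exhausting payload. Raises ValueError when the cap is hit."""
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)  # auto-detect zlib/gzip framing
    out = d.decompress(data, limit + 1)  # never produce more than limit+1 bytes
    if len(out) > limit or d.unconsumed_tail:
        raise ValueError("decompressed body exceeds limit")
    return out
```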
Source: The Hacker News
