New Delhi: While monitoring threats related to a Java logging system called “Apache log4j2”, Microsoft researchers discovered a previously undisclosed bug in SolarWinds software that was compromised last year.
While monitoring threats that leverage the “Log4j2” vulnerabilities, the Microsoft Threat Intelligence Center (MSTIC) team observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds software “Serv-U”.
“We have discovered that the vulnerability is an input validation vulnerability that could allow attackers to create a request from an input and send that request over the network without remediation,” Microsoft said in its update.
SolarWinds said the Serv-U web login screen for LDAP authentication allowed characters that were not sufficiently filtered out.
“SolarWinds has updated the input mechanism to perform additional validation and sanitization. No downstream effects were detected as LDAP servers ignored incorrect characters,” the company said, adding that this affects versions 15.2.5 and earlier.
Microsoft reported the finding to SolarWinds and they immediately patched the vulnerability.
“SolarWinds has updated the ingress mechanism to perform additional validation and sanitization. To ensure that ingress validation is performed in all environments, SolarWinds recommends planning an update to the latest version of Serv-U,” the company said.
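The kind of validation and sanitization described above, shown as an added example that is not code from SolarWinds or Microsoft: a login name is checked against an allow-list and then escaped per RFC 4515 before it is placed in an LDAP search filter. The filter template, the `uid` attribute and the allow-list pattern are assumptions made for illustration, and the sample inputs are constructed.

```python
import re

# RFC 4515, section 3: these characters must appear as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Assumed allow-list policy for login names (hypothetical, not SolarWinds' rule).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_valid_username(value: str) -> bool:
    """Validation step: accept only names made of allow-listed characters."""
    return _USERNAME_RE.fullmatch(value) is not None


def naive_filter(username: str) -> str:
    """'Before' form: input is concatenated as-is and can change the filter."""
    return "(&(objectClass=person)(uid=" + username + "))"


def safe_filter(username: str) -> str:
    """'After' form: reject unexpected characters, then escape what remains."""
    if not is_valid_username(username):
        raise ValueError("username contains characters outside the allow-list")
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


if __name__ == "__main__":
    for name in ["jdoe", "j*", "a(b)"]:  # constructed sample inputs
        print("naive:", naive_filter(name))
        try:
            print("safe: ", safe_filter(name))
        except ValueError as exc:
            print("safe:  rejected,", exc)
        print("escaped value only:", escape_filter_value(name))
```

Escaping alone keeps the filter structure intact when the allow-list has to be looser; rejecting at the login screen keeps such input from reaching the directory at all.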
Microsoft has warned that the Russia-based cybercriminals behind last year’s massive attack on SolarWinds software are on the prowl again, this time targeting organizations integral to the global IT supply chain.
The Russian state actor “Nobelium” has targeted at least 140 technology resellers and service providers in global IT supply chains, it said.