Log4J - Microsoft uncovers attackers targeting a SolarWinds flaw

Short News:-

Microsoft researchers discover previously undisclosed issues with SolarWinds Serv-U software. Researchers were looking for Log4J vulnerabilities. The vulnerability could allow attackers to build a query given some input and send that query over the network. Microsoft says it affects 15.2.5 and previous versions of Serv-u software. SolarWinds' Log4j vulnerability should have been of utmost priority, NTT Application Security's Ray Kelly said.

Log4J - Microsoft uncovers attackers targeting a SolarWinds flaw

Microsoft urged customers to apply the security updates explained in the SolarWinds advisory. Customers can use their tools to identify and remediate devices that have a vulnerability.

Detailed News:

While looking for Log4J flaws, Microsoft discovered problems with SolarWinds Serv-U, which had previously been kept a secret.

While monitoring threats related to Log4J vulnerabilities, Microsoft researchers discovered a previously unknown vulnerability in the SolarWinds Serv-U software.

According to Jonathan Bar Or's tweet, he discovered serv-u.exe attacks while searching for a Log4J exploit attempt.

"You can feed Ssrv-U with data and it will build an LDAP query based on your unsanitized data! A log4j attack could make use of this, but so could an LDAP injection attack "he put pen to paper.

"Solarwinds was quick to respond and fix the #vulnerability. As far as I'm concerned, they have the fastest response time I've ever seen!"

For more information about the CVE-2021-35247 vulnerability and how to fix it, please see Microsoft's blog post at: https://blogs.microsoft.com/en-us/security/cve-2021-35247/.

LDAP authentication on the Serv-U web login screen, according to SolarWinds, allowed characters that were not sufficiently sanitized, according to their advisory.

"A new input validation and sanitization mechanism have been implemented by SolarWinds. The LDAP servers ignored improper characters, so there was no downstream impact "According to the company, the issue affects both 15.2.5 and earlier versions. As a result of the recent SolarWinds breach.

"SolarWinds should have given this Log4j flaw the utmost priority because it was discovered in December. SolarWinds appears to have been immune to the vulnerability, but it's still not something you want in your software product "Kelly made the comment.

Most application security products can detect the Log4j vulnerability, allowing programmers to quickly identify and fix the problem. "

For this reason, Microsoft is encouraging customers to apply security updates detailed in SolarWinds' advisory and to use their own tools to identify and remediate devices that are vulnerable. In addition, Microsoft Defender Antivirus and Microsoft Defender for Endpoint both detect activity-related behavior on the system.

For John Bambenek of Netenrich, the quick response by SolarWinds and Microsoft to the vulnerability is an example of how vulnerabilities should be dealt with.

We need a partnership like this, where a major tech company with the ability to see attacks reaches out to software companies, and fixes are rushed into production," Bambenek said.



Your suggestions and comments are welcome

Post a Comment

Your suggestions and comments are welcome

Post a Comment (0)

Previous Post Next Post