Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with “high confidence” to a threat actor operating out of China.
In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U’s implementation of the Secure Shell (SSH) protocol, which could be abused by attackers to run arbitrary code on the infected system, including the ability to install malicious programs and view, change, or delete sensitive data.
“The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration,” Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit.
“An attacker can exploit this vulnerability by connecting to the open SSH port and sending a malformed pre-auth connection request. When successfully exploited, the vulnerability could then allow the attacker to install or run programs, such as in the case of the targeted attack we previously reported,” the researchers…