While monitoring threats related to a Java logging system called ‘Apache log4j2’, Microsoft researchers have discovered a previously undisclosed bug in the SolarWinds software that was compromised last year.
During the sustained monitoring of threats taking advantage of the ‘Log4j2’ vulnerabilities, the Microsoft Threat Intelligence Centre (MSTIC) team observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds ‘ Serv-U software.
“We discovered that the vulnerability is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation,” Microsoft said in its security update.
SolarWinds said the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.
“SolarWinds has updated the input mechanism to perform additional validation and sanitisation. No downstream affect has been detected as the LDAP servers ignored improper characters,” the company said, adding that it affects 15.2.5 and previous versions.
Microsoft reported the discovery to SolarWinds, and they immediately patched the vulnerability.
“SolarWinds has updated the input mechanism to perform additional validation and sanitisation. To ensure proper input validation is completed in all environments, SolarWinds recommends scheduling an update to the latest version of Serv-U,” said the company.
Microsoft warned that the Russia-based cybercriminals behind the massive SolarWinds software attack last year, are on the prowl again, this time targeting organizations integral to the global IT supply chain.
It said that the Russian nation-state actor ‘Nobelium’ has targeted at least 140 resellers and technology service providers in global IT supply chains.