SolarWinds seems to be the vulnerability that just keeps giving. As is typical in the world of cyber, when a vulnerability is disclosed, it gains the spotlight and garners a great deal of attention from researchers and hackers alike. SolarWinds is no exception.
A new vulnerability was publicly disclosed on February 3rd, 2021. Trustwave, a threat detection firm, announced the new vulnerability and will release the Proof of Concept (PoC) on February 9th, 2021. Once the PoC is released, any hacker with basic skills would be able to use the vulnerability to gain remote execution privileges through Microsoft Message Queue (MSMQ).
If that wasn’t enough, a second vulnerability disclosed by Trustwave allows a single line of code to decrypt the SolarWindsOrionDatabaseUser password. By connecting to the SQL Server database as this user, the hacker now has complete access to and control of the SOLARWINDS_ORION database.
But wait, there is more…
The Serv-U FTP product allows any local user, or anyone with Remote Desktop connectivity, to drop a file that defines a new user. That “new user” can be configured to have complete control at the root level of the C:\ drive.
These three new vulnerabilities have been addressed by SolarWinds, and security patches have been released. UPDATE your system. Update before Feb 9th. This is not a time to wait and see if this is real. The exploit will be made public on February 9th, 2021. Don’t be the one caught with an unpatched system.
Patches are available now:
ServU-FTP 15.2.2 Hotfix 1 (direct download .zip patch)
Trustwave SpiderLabs Advisory TWSL2021-001: Multiple Vulnerabilities in SolarWinds Orion
Trustwave SpiderLabs Advisory TWSL2021-002: Vulnerability in SolarWinds Serv-U FTP Server