Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug

SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.

Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U file-sharing software to launch Log4j attacks against networks’ internal devices, Microsoft warned on Wednesday.

SolarWinds issued a fix the day before, on Tuesday.

The vulnerability, tracked as CVE-2021-35247, is an input validation flaw that could allow attackers to build a query, given some input, and to send that query over the network without sanitization, Microsoft’s Threat Intelligence Center (MSTIC) said.

The bug, discovered by Microsoft’s Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior. SolarWinds fixed the vulnerability in Serv-U version 15.3, released on Tuesday.

“The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized,” SolarWinds said in its advisory, adding that it had updated the input mechanism “to perform additional validation and sanitization.”

SolarWinds said that it hasn’t seen any “downstream [effect],” given that “the LDAP servers ignored improper characters.”
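The kind of validation and sanitization the advisory describes can be illustrated with an added example, which is not SolarWinds' code: a login name is checked against an allowlist and then escaped per RFC 4515 before it is placed in an LDAP filter, shown beside the unvalidated form. The `uid` attribute, the allowed alphabet and the sample inputs are assumptions made for illustration.

```python
import re

# Assumption: allowed login-name alphabet for this illustration; a real
# deployment would derive it from its own directory's naming policy.
_ALLOWED_LOGIN = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(login: str) -> str:
    """The 'before' form: the input reaches the query unchanged."""
    return "(uid=" + login + ")"


def hardened_filter(login: str) -> str:
    """Validate against the allowlist first, then escape as a second layer."""
    if not _ALLOWED_LOGIN.fullmatch(login):
        raise ValueError("login name contains characters outside the allowlist")
    return "(uid=" + escape_filter_value(login) + ")"


# Constructed sample inputs, not taken from any real incident.
SAMPLES = ["alice", "bob.smith@example.com", "*)(uid=*", "${placeholder}", "a\x00b"]


def classify(samples):
    """Return {input: filter string, or None when the input is rejected}."""
    results = {}
    for s in samples:
        try:
            results[s] = hardened_filter(s)
        except ValueError:
            results[s] = None
    return results
```

Rejecting at the allowlist keeps unexpected characters from ever reaching the directory server or anything downstream that logs the request; the escaping step only matters if the allowlist is later widened.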

For its part, MSTIC didn’t give details about the attacks it’s tracked that have been propagated via the Serv-U bug.

Just the Latest in Ongoing Log4j Barrage

The Serv-U
