Microsoft discovers critical SolarWinds zero-day under active attack

by
Dan Goodin
from Ars Technica - All content on (#5M3ZS)
solarwinds-800x534.jpeg

Enlarge (credit: Getty Images)

SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line.

Microsoft discovered the exploits and privately reported them to SolarWinds, the latter company said in an advisory published on Friday. SolarWinds said the attacks are entirely unrelated to the supply chain attack discovered in December.

Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," company officials wrote. SolarWinds is unaware of the identity of the potentially affected customers."

Read 7 remaining paragraphs | Comments

index?i=FPyiwPRdCr4:kSUvAknhOWY:V_sGLiPB index?i=FPyiwPRdCr4:kSUvAknhOWY:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments