Microsoft Links SolarWinds Serv-U SSH 0-Day Attack to a Chinese Hacking Group

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News


Microsoft Threat Intelligence Center has published technical facts regarding a now-patched, 0-day remote code execution exploit affecting SolarWinds Serv-U managed file transfer service software that it has attributed with “high confidence” to a hacking group functioning out of China.

In early July, Microsoft Offensive Research & Security Engineering team addressed a remote code execution flaw (CVE-2021-35211) that was present in Serv-U’s implementation of the Secure Shell (SSH) protocol, which could be exploited by cyber criminals to execute arbitrary code on the compromised system, including the ability to install destructive programs and check out, modify, or delete delicate data. 

“The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration,” Microsoft Offensive Research and Security Engineering team explained in a detailed write-up describing the exploit.

“An attacker can exploit this vulnerability by connecting to the open SSH port and sending a malformed pre-auth connection request. When successfully exploited, the vulnerability could then allow the attacker to install or run programs, such as in the case of the targeted attack we previously reported,” the researchers added.

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Similar Posts