Security researchers at Huntress Labs have identified a vulnerability in SolarWinds’s Web Help Desk that threat actors are exploiting to allow them to execute code remotely.
The vulnerability was listed on the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities last week, and SolarWinds issued a warning, classifying it as a “critical severity” for users to patch the vulnerability. According to SolarWinds, the vulnerability “could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.”
SolarWinds has provided indicators of compromise, suspicious IPs, and the software release, which security professionals should review and update.
Huntress Labs has identified three exploited customers, and Cybersecurity Dive reports that Shadowserver has found 150 instances of compromise. Huntress Labs researchers “believe a threat group tracked as Storn-2603 is behind the attacks.”
If your organization uses SolarWinds’s Web Help, patching the vulnerability should be a priority.
[View source.]
