SolarWinds patches vulnerabilities that could allow full system control

Source: Ars Technica

Article note: Remember how, like a decade ago, everyone realized paid bolt-on security products were bullshit bordering on malware in the desktop space, and got rid of the Symantec/McAfee type bullshit? It turns out the same kind of C-Suite morons who buy security products from ads in airports didn't get the memo, and now we have the breach that keeps on breaching. It took me seeing three articles go by before I realized it's another separate widely exploited SolarWinds vuln being reported on.

SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities.

Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post on Wednesday that he began analyzing SolarWinds products shortly after FireEye and Microsoft reported that hackers had taken control of SolarWinds’ software development system and used it to distribute backdoored updates to Orion customers. It didn’t take long for him to find three vulnerabilities, two in Orion and a third in a product known as the Serv-U FTP for Windows. There's no evidence any of the vulnerabilities have been exploited in the wild.

The most serious flaw allows unprivileged users to remotely execute code that takes complete control of the underlying operating system. Tracked as CVE-2021-25274, the vulnerability stems from Orion’s use of the Microsoft Message Queue, a tool that has existed for more than 20 years but is no longer installed by default on Windows machines.
