Log4j vulnerabilities have been a big hassle in the last month. Even after the patches released by Apache, there are still vulnerable systems because of how widely the library is used across all areas. And yes, applying the patch to every single system is not easy, since the patches remove some of Log4j's original capabilities, which can break software that depends on them. That is why some companies are developing their own mitigation methods instead of simply applying an Apache Log4j patch.
SolarWinds Serv-U was used as a tool for Log4j attacks
Microsoft's security team, which has been investigating the ongoing Log4j attacks for a while, has found that threat actors are using previously undisclosed SolarWinds Serv-U software flaws. In its blog post, the team says that threat actors weaponize the software to propagate attacks that leverage the Log4j vulnerabilities against other systems.
The need for improper characters to exploit Log4j has kept the attacks from being successful
The new vulnerability found in SolarWinds Serv-U software is now tracked as CVE-2021-35247 and has a CVSS score of 5.3, making it a medium-severity flaw. Microsoft describes the flaw as “An input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation”. The vulnerability has been reported to SolarWinds, and the company has released an update for the Serv-U software. SolarWinds Serv-U versions 15.3 and above are safe, while 15.2.5 and earlier are affected by the flaw.
SolarWinds stated that no downstream effect was detected because the LDAP servers ignored the improper characters. With the new 15.3 version, the company has updated the input mechanism to perform additional validation and sanitization to prevent future attacks. However, it is not clear whether the attacks that Microsoft warned about have been successful.
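As an added illustration (not code from SolarWinds, Microsoft or Serv-U), the following Python shows the two controls described above, allow-list validation of the input and RFC 4515 escaping, applied before user-supplied text is placed into an LDAP search filter; the allow-list pattern and the function names are assumptions.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX inside a filter value,
# otherwise they change the structure of the filter instead of being matched literally.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Assumed allow-list for account names: letters, digits, dot, dash and underscore.
_ACCOUNT_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it can only be a literal value inside an LDAP search filter."""
    # Character-by-character mapping, so a backslash is escaped exactly once.
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def validate_account_name(name: str) -> bool:
    """Allow-list check applied before the value reaches any query builder."""
    return _ACCOUNT_NAME_RE.fullmatch(name) is not None


def build_user_filter(name: str, attr: str = "uid") -> str:
    """Build an equality filter for an account name, refusing input that fails validation.

    Validation rejects the input outright; escaping is still applied as defence in depth
    in case the allow-list is later widened.
    """
    if not validate_account_name(name):
        raise ValueError("account name contains characters outside the allow-list")
    return f"({attr}={escape_ldap_filter_value(name)})"


def build_user_filter_escaped_only(name: str, attr: str = "uid") -> str:
    """Escaping without an allow-list, for fields that must accept a wider character set."""
    return f"({attr}={escape_ldap_filter_value(name)})"
```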