Attacks against SolarWinds Serv-U software were possible due to the lack of ASLR mitigation


Software vendor SolarWinds had not enabled ASLR (Address Space Layout Randomization) for Serv-U, an anti-exploit mitigation Windows has offered since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July 2021.
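Whether a Windows image opts into ASLR is decided at link time and recorded in the PE optional header's DllCharacteristics field (the MSVC linker sets IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE when built with /DYNAMICBASE). The script below is an added example, not code from the article or from SolarWinds or Microsoft: it reads that field from a PE file so you can check your own binaries for the weakness described above. The stub images it builds are constructed test data rather than Serv-U bytes, and the function names pe_mitigations, build_stub_pe and report are chosen for this example.

```python
"""Check whether a Windows PE image was linked with ASLR (and DEP) support.

Added example, not code from the article or from SolarWinds/Microsoft.
Header offsets follow the PE/COFF format; the function names are ours.
"""
import struct
import sys

# COFF File Header -> Characteristics
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
# Optional Header -> DllCharacteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit high-entropy ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # set by link.exe /DYNAMICBASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # set by link.exe /NXCOMPAT (DEP)


def pe_mitigations(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of a PE image and report
    the link-time flags that govern ASLR and DEP."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, _nsect, _ts, _psym, _nsym, opt_size,
     file_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    if opt_size < 72:
        raise ValueError("optional header too short")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)

    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
        # The loader can only randomise an image it can relocate: the flag
        # alone is not enough when the relocation data was stripped.
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def build_stub_pe(dll_chars: int, file_chars: int = 0, pe32plus: bool = True) -> bytes:
    """Constructed header-only image for offline testing (not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature offset
    opt = bytearray(240 if pe32plus else 224)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, len(opt), file_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(path: str) -> str:
    """One-line verdict for a binary on disk."""
    with open(path, "rb") as fh:
        m = pe_mitigations(fh.read())
    verdict = "ASLR enabled" if m["aslr_effective"] else "NO ASLR (fixed load address)"
    return "%s: %s, HighEntropyVA=%s, NXCompat=%s, RelocsStripped=%s" % (
        path, verdict, m["high_entropy_va"], m["nx_compat"], m["relocs_stripped"])


if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(report(p))
```

Point it at the executables and DLLs of any Windows service you expose to the network; `dumpbin /headers` shows the same field as "Dynamic base" under DLL characteristics. Two caveats: the check tells you what the vendor shipped, not what the host does at load time, since Windows 10 Exploit Protection can force relocation of images that lack the flag ("mandatory ASLR") provided their relocation data is still present; and on 64-bit builds you also want HIGH_ENTROPY_VA, without which the randomisation entropy is much lower.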

Microsoft, which investigated the incidents, said the attacks against SolarWinds file transfer servers were carried out by a China-based hacking group it tracks as DEV-0322.

Threat actors exploited a zero-day remote code execution flaw, tracked as CVE-2021-35211, in Serv-U products.

Microsoft reported the zero-day to SolarWinds; the issue affects Serv-U Managed File Transfer Server and Serv-U Secure FTP. According to Microsoft, the flaw was exploited by a single threat actor in attacks against a limited, targeted set of customers.
