SolarWinds issues a zero-day remote code execution flaw in Serv-U products. The flaw is actively exploited in the wild by a single threat actor. Microsoft provided a proof of concept of the exploit along with evidence of the attacks. The vendor has released a hotfix to fix the issue and urges customers to fix it. Microsoft has provided evidence of limited, targeted customer impact of the vulnerability. The issue is not linked to SolarWind’s supply chain attack, experts pointed out that this issue was not linked.”]
Source: https://securityaffairs.co/wordpress/120020/security/solarwinds-serv-u-zero-day.html

