Microsoft warns SolarWinds customers that Serv-U is under attack
The beleaguered IT firm urges its customers to patch their FTP systems immediately
Hackers are triggering a vulnerability in the Serv-U Managed File Transfer (MFT) and Serv-U Secure File Transfer Protocol (FTP) products to attack SolarWinds customers.
SolarWinds has released a hotfix to patch the remote code execution vulnerability - tracked as CVE-2021-35211 - after Microsoft researchers reported that it was involved in ongoing attacks against customers.
The company, which was at the centre of one of the biggest attacks in recent memory towards the end of last year, has urged its Serv-U customers to patch their systems immediately in order to benefit from the fix.
Serv-U is a suite of tools, maintained by SolarWinds, that allows customers to securely transfer files remotely across the web. Alongside Managed File Transfer and Secure FTP, the suite includes Serv-U Gateway, which adds a layer of security to file transfers.
Hackers can exploit the vulnerability to run arbitrary code with privileges on targeted systems, before installing programmes, altering or deleting data, and running programmes. The vulnerability exists in the latest Serv-U version 15.2.3 HF1, released on 5 May 2021, and all prior versions, with customers encouraged to update to Serv-U version 15.2.3 HF2.
No other SolarWinds products have been affected by this vulnerability, the company claims, with Microsoft providing evidence of limited, targeted customer impact by a single entity.
SolarWinds doesn’t have an estimate for how many customers have been affected, however, and it’s unaware of the identity of the current victims.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
RELATED RESOURCE
X-Force Threat Intelligence Index
Top security threats and recommendations for resilience
The company has stressed this is a new vulnerability and not related to the supply chain attack that affected approximately 100 victims, at least. Investigations into that attack revealed that the hackers responsible had first infiltrated the company’s networks in September 2019, before injecting test code and beginning trial runs.
SolarWinds had previously blamed an intern for setting a weak ‘solarwinds123’ password, which was publicly accessible on GitHub for more than a year, on a company server, which allowed hackers a route into the company’s networks.

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
-
EnGenius ECW515 reviewReviews Not the best value but this dual-band Wi-Fi 7 wall plate AP offers a good feature set, cloud management and a fair turn of speed
-
Multi-channel phishing attacks: How to manage the riskIn-depth Attackers are evolving beyond email towards phishing across multiple channels. Why is this, and what can be done to manage the risk?
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security