SolarWinds Corp., the software company at the center of a massive cyberattack last year, is warning some customers that hackers have discovered and exploited a new vulnerability.
In a statement released over the weekend, SolarWinds
warned users of its Serv-U Managed File Transfer Server and Serv-U Secured FTP to immediately install a hotfix to secure the vulnerability. If left unpatched, “An attacker could then install programs; view, change, or delete data; or run programs on the affected system,” the company said.
Austin, Texas-based SolarWinds said it was alerted to the hack by Microsoft Corp.
and that it involves “a limited, targeted set of customers and a single threat actor.”
SolarWinds stressed that the vulnerability specifically targets its Serv-U products: “To the best of our understanding, no other SolarWinds products have been affected by this vulnerability.”
The company said the latest breach is “completely unrelated” to last year’s massive “Sunburst” cyberattack, which exposed potentially sensitive data at a number of federal agencies, including the Treasury Department, and major companies, including Intel Corp.
Cisco Systems Inc.
and Nividia Corp. NVDA,
SolarWinds said it did not know which of its customers have been targeted in the latest cyberattack, nor does it have an estimate of how many customers were affected.
Shares of SolarWinds fell nearly 2% on Monday, giving up early gains after the company predicted an upbeat second-quarter revenue outlook. The stock is up 14% year to date, though down 2% over the past 12 months.