Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to manage and audit user access rights across their IT environments. It offers Microsoft Active Directory integration, role-based access control, visual feedback, and more. Through Trend Micro's Zero Day Initiative, researchers reported eight flaws in the SolarWinds solution on June 22, three of them with critical severity. The vendor addressed all vulnerabilities earlier this week with a patch available in version 2023.2.1 of its Access Rights Manager. Executing code in the context of "SYSTEM" on Windows computers means that it runs with the highest privileges on the machine. SYSTEM is an internal account reserved for the operating system and its services. Attackers gaining this level of privileges have full control over all files on the victim machine. The rest of the security issues that SolarWinds addressed in its Access Right Manager are high-severity and attackers could exploit them to increase permissions or execute arbitrary code on the host after authentication. SolarWinds published an advisory this week describing the eight vulnerabilities and their severity rating, as assessed by the company. It is worth noting that the company did not rate any of the security issues as critical and the highest rating is 8.8, for high-severity issues. Millions of Exim mail servers exposed to zero-day RCE attacks. Thousands of Juniper devices vulnerable to unauthenticated RCE flaw. ASUS routers vulnerable to critical remote code execution flaws. Ransomware gangs now exploiting critical TeamCity RCE flaw. Hackers hijack Citrix NetScaler login pages to steal credentials.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000