Three critical vulnerabilities were observed in SolarWinds products. All these severe bugs allow remote code execution with high privileges. At the time of this blog being published, there has been no active PoC in the wild. CVE-2021-25274 – MSMQ Remote Code Execution SolarWinds Collector Service uses MSMQ (Microsoft Message Queue), and it doesn’t set permissions … Continue reading “SolarWinds Full System Control Vulnerabilities (CVE-2021-25274, CVE-2021-25275, CVE-2021-25276)”