In October 2024, SolarWinds released a new hotfix after researchers working with Trend Micro’s Zero Day Initiative (ZDI) program discovered a bypass of its initial fix. Almost a year later, researchers working with ZDI found a bypass of that hotfix as well.
“Third time’s the charm?” asked Ryan Dewhurst, head of proactive threat intelligence at watchTowr. “The original bug was actively exploited in the wild, and while we’re not yet aware of active exploitation of this latest patch bypass, history suggests it’s only a matter of time.”
Patch bypasses are not necessarily rare, especially when dealing with flaws involving unsafe parsing of untrusted user input. That’s because many developers take a blacklist approach to fixing such flaws and will simply block the specific input used in the known proof-of-concept or weaponized exploit.
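The difference between the two fix strategies can be checked mechanically. The sketch below is an added example, not code from SolarWinds or from the researchers: the type names, the JSON message format and the registry are all constructed for illustration. It generalizes the point to any parser that builds objects from a type named in untrusted input, and audits each fix against every type the parser can reach rather than against the known proof of concept alone.

```python
import json

# Constructed registry: every type the parser is able to instantiate.
# True marks types whose side effects an attacker could abuse.
REGISTRY = {"Ticket": False, "Comment": False,
            "ScriptRunner": True,   # type used by the known proof of concept
            "TemplateEval": True}   # different type, same class of impact
DENYLIST = {"ScriptRunner"}         # fix that blocks only the PoC's input
ALLOWLIST = {"Ticket", "Comment"}   # fix that names what the feature needs

class Rejected(ValueError):
    """Raised when input is refused before any object is built."""

def requested_type(raw):
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise Rejected("malformed input") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("type"), str):
        raise Rejected("missing type field")
    return doc["type"]

def parse_denylist(raw):
    name = requested_type(raw)
    if name in DENYLIST or name not in REGISTRY:
        raise Rejected("blocked or unknown type: " + name)
    return name

def parse_allowlist(raw):
    name = requested_type(raw)
    if name not in ALLOWLIST:
        raise Rejected("type not permitted: " + name)
    return name

def dangerous_types_reachable(parser):
    """Regression check: dangerous registry types the parser still accepts."""
    reachable = []
    for name, dangerous in REGISTRY.items():
        try:
            parser(json.dumps({"type": name}))
        except Rejected:
            continue
        if dangerous:
            reachable.append(name)
    return reachable
```

Run as a regression test, `dangerous_types_reachable(parse_denylist)` returns the one dangerous type the denylist fix never named, while the allowlist fix returns an empty list.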