Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation
Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July.
