Published on: 15 December 2020
Last update on: 16 December 2020
SolarWinds has released a security advisory warning customers about a supply chain attack on SolarWinds Orion Platform software. Attackers may exploit the injected vulnerability to covertly access and compromise the affected systems.
Reports indicate that a supply chain attack has been conducted on the SolarWinds Orion Platform software and active exploitation of the injected vulnerability has been observed. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks. If patches cannot be applied immediately, administrators should block all Internet egress from SolarWinds servers and isolate the concerned SolarWinds servers as appropriate.
The list of affected products can be found at:
https://www.solarwinds.com/securityadvisory
A successful attack could lead to system compromise.
The product vendor has released version 2020.2.1 HF 2 to address the issue. Details can be found on the vendor's website:
https://www.solarwinds.com/securityadvisory
If for any reason the patch cannot be applied immediately, affected users should disconnect or completely shut down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, from their network until the vulnerable systems have been patched.
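To triage an asset inventory against the version range stated above, the following added example (not part of the original advisory or any vendor tooling) classifies Orion version strings as affected, fixed, below the stated range, or unparseable. The hostnames and inventory values are constructed, and the ordering rules (a missing component or hotfix counts as 0, and anything at or above 2020.2.1 HF 2 counts as fixed) are assumptions.

```python
import re

# Range and fixed version come from the advisory text above.
# Tuple layout (assumption): (year, minor, patch, hotfix), missing parts = 0.
AFFECTED_LOW = (2019, 4, 0, 0)    # 2019.4
AFFECTED_HIGH = (2020, 2, 1, 1)   # 2020.2.1 HF1
FIXED = (2020, 2, 1, 2)           # 2020.2.1 HF 2

# Accepts "2019.4", "2020.2.1 HF1", "2020.2.1 HF 2" (case-insensitive).
_VERSION_RE = re.compile(
    r"^\s*(\d+(?:\.\d+){1,2})\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return a comparable 4-tuple, or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # pad "2019.4" to 2019.4.0
    hotfix = int(m.group(2)) if m.group(2) else 0
    return (*parts, hotfix)

def classify(text):
    """Map a version string to a triage status."""
    key = parse_version(text)
    if key is None:
        return "unknown"                     # needs manual review
    if AFFECTED_LOW <= key <= AFFECTED_HIGH:
        return "affected"                    # patch, or isolate / shut down
    if key >= FIXED:
        return "fixed"
    return "below-range"                     # older than the stated range

def triage(inventory):
    """inventory: dict of hostname -> reported Orion version string."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed sample inventory (hypothetical hostnames).
SAMPLE_INVENTORY = {
    "orion-a.example.internal": "2019.4 HF 5",
    "orion-b.example.internal": "2020.2.1 HF1",
    "orion-c.example.internal": "2020.2.1 HF 2",
    "orion-d.example.internal": "2019.2 HF 3",
    "orion-e.example.internal": "not reported",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```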
https://www.solarwinds.com/securityadvisory
https://www.hkcert.org/my_url/en/alert/20121501
https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://cyber.dhs.gov/ed/21-01/