High Threat Security Alert (A21-02-01): Multiple Vulnerabilities in SolarWinds Orion Platform software
04 February 2021
SolarWinds has released security updates to address the vulnerability "SUNBURST" on Orion Platform software as well as the malware "SUPERNOVA" which exploits another vulnerability in SolarWinds Orion Platform software. To rebuild the affected versions due to the previous supply chain attack, SolarWinds deploys a new digital code-signing certificate to re-release all of the products. SolarWinds strongly advised all users to upgrade to the new builds before 8 March 2021.
Reports indicate that successful exploitations against the vulnerabilities in SolarWinds Orion Platform software has been observed. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
SolarWinds Orion Platform version 2020.2.x prior to version 2020.2.4
SolarWinds Orion Platform version 2019.x prior to version 2019.4.2
SolarWinds all other prior versions
The list of affected versions can be found under the RECOMMENDED ACTIONS section of the following URL:
A successful attack could lead to system compromise.
The product vendor has released version 2020.2.4 and version 2019.4.2 to address the issue. Details could be found on the vendor's website: