Description:

SolarWinds has released security updates to address the vulnerability "SUNBURST" on Orion Platform software as well as the malware "SUPERNOVA" which exploits another vulnerability in SolarWinds Orion Platform software. To rebuild the affected versions due to the previous supply chain attack, SolarWinds deploys a new digital code-signing certificate to re-release all of the products. SolarWinds strongly advised all users to upgrade to the new builds before 8 March 2021.

Reports indicate that successful exploitations against the vulnerabilities in SolarWinds Orion Platform software has been observed. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• SolarWinds Orion Platform version 2020.2.x prior to version 2020.2.4
• SolarWinds Orion Platform version 2019.x prior to version 2019.4.2
• SolarWinds all other prior versions

The list of affected versions can be found under the RECOMMENDED ACTIONS section of the following URL:

https://www.solarwinds.com/securityadvisory

Impact:

A successful attack could lead to system compromise.

Recommendation:

The product vendor has released version 2020.2.4 and version 2019.4.2 to address the issue. Details could be found on the vendor's website:

https://www.solarwinds.com/securityadvisory

More Information:

https://www.solarwinds.com/securityadvisory
https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/release_notes/orion_platform_2020-2-4_release_notes.htm
https://www.solarwinds.com/trust-center/new-digital-certificate