But without FireEye the issue may have gone unnoticed for … to validate the patch was applied to all Orion Platform web servers. Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product? SolarWinds was the victim of a cyberattack that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which … As noted by the Department of Homeland Security (DHS), this emergency directive remains in effect until all agencies have applied the forthcoming patch or the directive is terminated through other appropriate actions. Thank you for your continued patience and partnership. All agencies that accept the risk of running SolarWinds Orion in their enterprises (regardless of whether they were required to disconnect their instance(s) pursuant to ED 21-01 and regardless of “Category”) must run at least version 2020.2.1 HF2 and meet additional conditions outlined in Appendix B - Specific Conditions for Operating SolarWinds Orion. More information is available in our Security Advisory and FAQ pages. Updated December 24, 2020. Personally I'm more concerned about internal security threats than … It is malware that is separately placed on a server that requires unauthorized access to a customer's network and is designed to appear to be part of a SolarWinds … The script is available at https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip. We believe that this attack impacts Orion Platform build versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 as referenced in Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) Emergency Directive 21-01 issued December 13, 2020, and updated December 18 and 30, 2020, and January 6, 2021.
On 13 December, FireEye publicly disclosed information about a supply chain attack affecting SolarWinds' Orion IT monitoring and management software.1 This attack infected all versions of Orion software released between March and June 2020 with SUNBURST malware, a sophisticated backdoor that uses HTTP to communicate with attacker infrastructure. Security Advisory - SolarWinds & FireEye. Security Advisory: SolarWinds asks ALL ORION PLATFORM CUSTOMERS to update their Orion Platform software as soon as possible to help ensure the security of your environment. Over the last few days, third parties and the media publicly reported on a malware, now referred to as SUPERNOVA. We are making regular updates to this Security Advisory page at, , and we encourage you to refer to this page. SolarWinds announced to customers that they were the victim of a supply chain attack and specific versions of their SolarWinds Orion product were altered and a backdoor was inserted into the product*. If you’re unable to upgrade at this time, we have provided a script that customers can install to temporarily protect their environment against the SUPERNOVA malware, https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip, We recommend that all active maintenance customers of Orion Platform products, except those customers already on. We continue to work with leading security experts in our investigations to help further secure our products and internal systems.
https://www.cisa.gov/supply-chain-compromise, https://cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3, https://cyber.dhs.gov/ed/21-01/#supplemental-guidance. Given the scope and scale of the SolarWinds security breach, VPLS is providing this security advisory to its customers with a brief overview of the breach, how it may impact you, and what steps you may or may not need to take to protect yourself from this security event. SolarWinds Orion Security Advisory We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. RISK: More information is available on our Security Advisory page at solarwinds.com/securityadvisory, and in our FAQs at solarwinds.com/securityadvisory/faq. 2020.2.1 HF 2 (released December 15, 2020), 2019.2 SUPERNOVA Patch (released December 23, 2020), 2018.4 SUPERNOVA Patch (released December 23, 2020), 2018.2 SUPERNOVA Patch (released December 23, 2020), To identify the version of the Orion Platform software you are using, you can review the directions on how to check, . Cybersecurity Threat Advisory 0071-20: Multiple Vulnerabilities in SolarWinds N-Central Could Allow for Remote Code Execution Advisory Overview.
The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT), part of the Department of Homeland Security (DHS), CERT issued, Additionally, we want you to know that, while our investigations are early and ongoing, based on our investigations to date, we are not aware that this SUNBURST, If you aren't sure which version of the Orion Platform you are using, see directions on how to check that, . Once you have successfully synched your license, please run the installer to install the hotfix. More information is available in our Security Advisory … The first was a malicious, unsigned webshell .dll “app_web_logoimagehandler.ashx.b6031896.dll” specifically written to be used on the SolarWinds Orion Platform. We are making regular updates to this Security Advisory page at solarwinds.com/securityadvisory, and we encourage you to refer to this page. See the example below of, As a part of the ongoing investigation, we have determined that version 2019.4, If you apply a SUPERNOVA security patch per the above chart, please visit. U.S. federal government cybersecurity agencies issued an advisory that threat actors exploited “non-SolarWinds products” in gaining access to targets’ computer systems during the SolarWinds attack. The second is the utilization of a vulnerability in the Orion Platform to enable deployment of the malicious code. NOTE: If you reinstall, you need to re-apply the patch or hotfix. During the evening of December 13th, 2020, it was announced that for several months, emails and other sensitive materials on the SolarWinds Orion network have been exfiltrated by sophisticated, nation-state hackers [1].
SolarWinds is coordinating with the Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) of the Department of Homeland Security (DHS) to investigate and respond to the attack. December 14, 2020. Security and trust in our software is the foundation of our commitment to our customers. We are continuing our investigations and will strive to keep you updated of any new developments or findings. As you may have seen, we at Sonatype have been following the SolarWinds’ software supply chain security breach closely. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is required to operate your platform. The result? These consulting services will be provided at no charge to our active maintenance Orion Platform product customers. The incident is classified as a supply chain attack as it targets SolarWinds Orion platform users.