If you have disabled outward communication from your Orion license, please follow the “Activate License Offline” section from here. These updates contain security enhancements including those designed to protect you from SUNBURST and SUPERNOVA. SUNBURST Backdoor. Talos Group. Orion Platform versions 2019.4 HF6 and 2020.2.1 HF2 were designed to protect you from both SUNBURST and SUPERNOVA. We believe that this attack impacts Orion Platform build versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 as referenced in Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) Emergency Directive 21-01 issued December 13, 2020, and updated December 18 and 30, 2020, and January 6, 2021. SolarWinds Security Advisory. During the evening of December 13th, 2020, it was announced that for several months, emails and other sensitive materials on the SolarWinds Orion network have been exfiltrated by sophisticated, nation-state hackers [1]. As you may have seen, we at Sonatype have been following the SolarWinds’ software supply chain security breach closely. Security patches have been released for each of these versions specifically to address this new vulnerability. They advise upgrading to version 2020.2.1 HF1, and then 2020.2.1 HF2, which will be available on December 15th, 2020. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security process, procedures and standards designed to protect our customers. If you reinstall your Orion server, you will need to reapply the respective patch. A detailed Frequently Asked Questions (FAQ) page is available here, and we intend to update this page as we learn more information. Hello, We are currently on version 2020.2 and like everyone else need to make sure we are doing absolutely everything to protect our environment.
*As a part of the ongoing investigation, we have determined that version 2019.4 with no hotfix of the Orion Platform released in October 2019 contained test modifications to the code base. SUNBURST Information. Qualys Security Advisory: SolarWinds / FireEye. NOTE: If you reinstall, you need to re-apply the patch or hotfix. Follow the guidance provided by the U.S. Department of Homeland Security and in the SolarWinds Security Advisory. To check which updates you have applied, please go here. The latest official updates can be found on SolarWinds Security Advisory. Given the scope and scale of the SolarWinds security breach, VPLS is providing this security advisory to its customers with a brief overview of the breach, how it may impact you, and … Security and trust in our software is the foundation of our commitment to our customers. We continue to work with leading security experts in our investigations to help further secure our products and internal systems. As noted by the Department of Homeland Security (DHS), this emergency directive remains in effect until all agencies have applied the forthcoming patch or the directive is terminated through other appropriate actions. More information is available on our Security Advisory page at solarwinds.com/securityadvisory, and in our FAQs at solarwinds.com/securityadvisory/faq. Background. If you reinstall your Orion server, you will need to reapply this script. Cybersecurity Threat Advisory 0071-20: Multiple Vulnerabilities in SolarWinds N-Central Could Allow for Remote Code Execution Advisory Overview.
To underscore the seriousness of this breach, the Department of Homeland Security has issued an emergency directive ordering all federal agencies to take immediate steps in mitigating the … SolarWinds issued an Orion security advisory here, explaining that the attack involved Orion builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020. FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT), part of the Department of Homeland Security (DHS), issued Emergency Directive 21-01 on December 13, 2020 regarding this issue, and has updated their guidance as part of our ongoing coordination with the agency. Cisco Blogs / Security / Threat Research / Threat Advisory: SolarWinds supply chain attack. We do not use the SolarWinds Orion platform, but have taken precautionary steps and blocked all Indicators of Compromise (IOCs) associated with this advisory. This page covers the SolarWinds response to both SUNBURST and SUPERNOVA. SolarWinds released an updated advisory for the SuperNova malware discovered while investigating the recent supply chain attack. All product versions are displayed in the footer of the Orion Web Console login page. Over the last few days, third parties and the media publicly reported on a malware, now referred to as SUPERNOVA. For information about, A detailed Frequently Asked Questions (FAQ) page is available.
Security Bulletin: SolarWinds Security Advisory We want to make you aware of a recently announced security advisory impacting software from SolarWinds. If you aren't sure which version of the Orion Platform you are using, see directions on how to check that here. The latest information can be found on CISA’s Supply Chain Compromise page and continues to be updated as we learn more. We have developed a program to provide professional consulting resources experienced with the Orion Platform and products to assist customers who need guidance on or support upgrading to the latest hotfix updates. Related frequently asked questions can be found here. Along those lines, however, in its advisory SolarWinds recommended taking the following steps related to its Orion Platform: Users of Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 should upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security … SolarWinds issued a security advisory recommending users upgrade to the latest version, Orion Platform version 2020.2.1 HF 1, as soon as possible. More information is available in our Security Advisory … Given the scope and scale of the SolarWinds security breach, VPLS is providing this security advisory to its customers with a brief overview of the breach, how it may impact you, and what steps you may or may not need to take to protect yourself from this security event. Once in the network, the intruder then uses the administrative permissions acquired through the on-premises compromise to gain access to the organization’s global administrator account and/or trusted SAML token signing certificate.
SolarWinds Security Advisory - Update December 27, 2020. Update from the Cyber Directorate - SolarWinds Orion. SolarWinds 16/12/2020 - SolarWinds cyber update. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, … SolarWinds Orion is an IT performance monitoring … The script is available at https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip. For information about SUPERNOVA, go here. We work closely with our customers to address and remediate any potential concerns, and we encourage all customers to run only supported versions of our products and to upgrade to the latest versions to get the full benefit of our updates, improvements, and enhancements. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is required to operate your platform. CERT issued Alert (AA20-352A), titled Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, as an update to ED 21-01 on December 17, 2020, based on our coordination with the agency, and has updated this alert as of December 19, 2020. To provide additional security for your Orion Platform installation, please follow the guidelines available.
Security Bulletin: SolarWinds Compromise Advisory Statement. These attacks have been linked to a series of exploits of the SolarWinds® Orion® IT Monitoring Platform. SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform. Integration Module* (DPAIM*). Our DFIR team has been collecting data from the security community at large about the SolarWinds Orion and UNC2452 supply chain compromise, and we’re bringing it to you as a source of information and guidance. December 22, 2020 - Qualys researchers found millions of devices exposed to vulnerabilities used in the stolen FireEye Red Team tools and SolarWinds Orion by analyzing the anonymized set of vulnerabilities across Qualys’ worldwide customer base … There is no need to install previously released hotfix updates. Posted 14th Dec 2020 7th Jan 2021 Admin. SUNBURST – SolarWinds® Orion® IT Management Platform Security Advisory. This vulnerability … Security Advisory - SolarWinds & FireEye. See the example below of, As a part of the ongoing investigation, we have determined that version 2019.4, If you apply a SUPERNOVA security patch per the above chart, please visit. According to a newly released security advisory by SolarWinds, SolarWinds Orion Platform builds ranging from version 2019.4 through version 2020.2.1, released between March 2020 and June 2020, may be affected. SolarWinds Orion Security Advisory. 10 The National Security Agency … Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product? This … The first was a malicious, unsigned webshell .dll “app_web_logoimagehandler.ashx.b6031896.dll” specifically written to be used on the SolarWinds Orion Platform. Thank you for your continued patience and partnership.
CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures: For information about SUNBURST, go … You can read the SolarWinds Security Advisory, and their associated FAQ if you would like more details on the specifics of the incident. The security advisory, the SolarWinds Twitter account and the emails sent to customers do not bother with attributions to FireEye. SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. SolarWinds announced to customers that they were the victim of a supply chain attack and specific versions of their SolarWinds … To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our SolarWinds® Orion® Platform. Posted by Systems Engineering.
Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWinds attackers remained undetected for so long, and how domain data could be used to … All hotfix updates are cumulative and can be installed from any earlier version. Once you have successfully synched your license, please run the installer to install the hotfix. The latest updates designed to protect against SUNBURST and SUPERNOVA are as follows: To identify the version of the Orion Platform software you are using, you can review the directions on how to check here or refer to the image below. SUPERNOVA is not malicious code embedded within the builds of our Orion® Platform as a supply chain attack. ** If you apply a SUPERNOVA security patch per the above chart, please visit this KB article to validate the patch was applied to all Orion Platform web servers. It is malware that is separately placed on a server that requires unauthorized access to a customer’s network and is designed to appear to be part of a SolarWinds product. While our SolarWinds products are not exposed to the big-bad-internet, it is good practice to deal with security problems proactively.
Based on our investigation to date: We constantly work to enhance the security of our products and to protect our customers and ourselves because hackers and other cybercriminals are always seeking new ways to find and attack their victims. This vulnerability impacts their Orion Monitoring Platform and could lead to nefarious actors accessing your monitored systems and delivering malware (called SUNBURST) or performing other unauthorized activities. Security Advisory: SolarWinds asks ALL ORION PLATFORM CUSTOMERS to update their Orion Platform software as soon as possible to help ensure the security of your environment. SUNBURST – SolarWinds® Orion® IT Management Platform Security Advisory by Thomas Johnson | Dec 16, 2020 | Security Earlier this week, major news outlets and security sites … ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. Recent as of December 31, 2020, 3:00pm CST. December 23, 2020 By Michael Griffin. We want to make sure that customers working to secure their environments have the help and assistance they need from knowledgeable resources. We have also found no evidence that any of our free tools, Orion agents, or Web Performance Monitor (WPM) Players are impacted by SUNBURST.
https://www.cisa.gov/supply-chain-compromise, https://cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3, https://cyber.dhs.gov/ed/21-01/#supplemental-guidance. To provide additional security for your Orion Platform installation, please follow the guidelines available here for your Orion Platform instance. Please note that this script has only been tested down to NPM 11.x. This APT actor has demonstrated patience, operational security… Our investigations and remediation efforts for the SUNBURST vulnerability are early and ongoing. But without FireEye the issue may have gone unnoticed for … This Security Statement is aimed at providing you with more information about our security infrastructure and … We are tracking the trojanized version of this SolarWinds … SolarWinds Security Statement. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020.
We’ve simultaneously been reviewing and analyzing our own environments to confirm we are not impacted by this security vulnerability. Threat Research Threat Advisory: SolarWinds supply chain attack. © 2021 SolarWinds Worldwide, LLC. All rights reserved.