SolarWinds Releases Updates to Address Vulnerability Related to SUPERNOVA Malware

49
SolarWinds

SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today announced it released updates in response to the SUPERNOVA malware for all supported versions of SolarWinds® Orion® Platform products and a fix for customers on unsupported versions of these products.

Third parties and the media have publicly reported on a malware, now referred to as SUPERNOVA. Based on SolarWinds’ investigation, this malware could be deployed through exploitation of a vulnerability in the Orion Platform. Like other software companies, SolarWinds seeks to responsibly disclose vulnerabilities in its products to customers, while also mitigating the risk that bad actors seek to exploit those vulnerabilities, by releasing updates to their products before the company discloses the vulnerabilities.

SolarWinds provided two hotfix updates on December 14 and 15, 2020, that contained security enhancements, including those designed to prevent certain versions of the Orion Platform products from being exploited in a SUPERNOVA attack.

Read More: Top Strategies CISOs Can Use to Control Hefty Security Costs

The company also released similar updates for all other supported versions of the Orion Platform products and a fix for customers on unsupported versions of these products.

SolarWinds recommends that all active maintenance customers of Orion Platform products, except those customers already on Orion Platform versions 2019.4 HF6 or 2020.2.1 HF2, apply the latest updates related to the version of the product they have deployed, as soon as possible. Customers can visit the SolarWinds Security Advisory page for instructions for and access to these updates.

These updates include versions:

  • 2019.4 HF 6 (released on Dec 14, 2020)
  • 2020.2.1 HF 2 (released on Dec 15, 2020)
  • 2019.2 Security Patch (released on Dec 23, 2020)
  • 2018.4 Security Patch (released on Dec 23, 2020)
  • 2018.2 Security Patch (released on Dec 23, 2020)

If customers are unable to upgrade at this time, or are running a version prior to 2018.2, SolarWinds is providing a script that customers can quickly install to help protect their environment. The script is available on the Security Advisory page.

SolarWinds’ focus has been on helping customers protect the security of their environments. The company’s commitment to customers remains high, and they are introducing a new program designed to address the issues that customers face.

Read More: Lessons learned from Public Key Infrastructure

SolarWinds has developed a program to provide professional consulting resources experienced with the Orion Platform and products to assist customers who need guidance on or support upgrading to the latest hotfix updates. These consulting services will be provided at no charge to active maintenance Orion Platform product customers. The company wants to make sure that customers working to secure their environments have the help and assistance they need from knowledgeable resources.