SolarWinds Sunburst/Supernova

Update Dec. 30, 2020:

CISA has released updated guidance here:

Monalytic advises you read and review this guidance carefully for your own plan of action.

  • The National Security Agency (NSA) has examined version 2020.2.1 HF2 and verified it eliminates the previously identified malicious code.
  • All instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020.

Update Dec. 17, 2020:

 
CISA has released updated guidance here:
 

Monalytic advises you read and review this guidance carefully for your own plan of action.

  • Per CISA, Category 1 enterprises may patch SolarWinds and resume operations.
  • Verified Category 2 enterprises should ensure device hardening and may reinstall SolarWinds using verified sources with updated versions to resume operations consistent with their organization's risk evaluations.
  • Category 3 enterprises will need to follow the guidance outlined in the CISA link.

Update Dec. 16, 2020:

As of 8:00 am EST, SolarWinds has issued the following updates:

2020.2.1 HF 2 has been released for download. The 2020.2.1 HF 2 release both replaces the compromised component (as 2020.2.1 HF 1 did) and provides several additional security enhancements.

SolarWinds has published the following list of affected versions:

* Orion Platform 2020.2 HF 1
* Orion Platform 2020.2
* Orion Platform 2019.4 HF 5

If you are currently running one of the above releases, SolarWinds recommends the following actions be taken:

* If you’re currently running Orion Platform software version 2019.4 HF 5, install 2019.4 HF 6 or upgrade to 2020.2.1 HF 2.
* If you have upgraded to 2020.2.1 HF 1, SolarWinds states that you are running a good, updated version, but SolarWinds recommends you update to release 2020.2.1 HF 2.

SolarWinds has published a detailed FAQ on the code compromise, which can be found here.

 

Update Dec. 15, 2020:

As of 10:15 am EST, these are the latest recommendations from Monalytic regarding the SolarWinds Vulnerability, based on guidance from SolarWinds, DCSA and CISA:

All non-government organizations should evaluate their own risk profile, based on the threat information provided thus far, to determine what actions to consider. This includes reviewing the guidance from CISA along with the guidance given below:
 
  • Prevent all SolarWinds servers from accessing the Internet (this is always a best practice). Allow egress exceptions only to known servers and ports for external monitoring.
  • Remember to apply upgrades / hotfixes to all Scalability and High Availability servers as well as the main polling engine.
  • Customers running the Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 should upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. This version is currently available. Once 2020.2.1 HF2 is available (expected 12/15), customers should install HF2 as soon as possible.
  • Customers running the Orion Platform v2019.4 HF 5 should update to 2019.4 HF 6, which is now available at customerportal.solarwinds.com.
  • Customers with older versions of the Orion platform should wait to perform any upgrades until a new installer has been released for 2020.2.1 with the new hotfixes incorporated into the installer.

In addition, it is recommended to perform the following activities:

  • For the time being, consider restricting the scope of connectivity to endpoints from SolarWinds servers that would be considered critical assets.
  • Consider (at minimum) changing passwords for accounts that have access to SolarWinds servers/infrastructure.
  • If SolarWinds is used to manage networking infrastructure, consider conducting a review of network device configurations for unexpected/unauthorized modifications.

We are aware of the ongoing and evolving situation surrounding the SolarWinds Orion Code Compromise. We are working closely with SolarWinds as details and updated guidance emerge. At this point CISA (US Cybersecurity and Infrastructure Security Agency) recommends shutdown or network isolation of affected systems until further guidance can be released: https://cyber.dhs.gov/ed/21-01/.

You can check for known affected versions of SolarWinds using the guidance in the above CISA link, in addition to the guidance given in the recently released Microsoft post here and FireEye post here.

Official SolarWinds security advisory guidance can be found at this link: https://www.solarwinds.com/securityadvisory.
 
We are dedicated to providing assistance to our customers during this response period and will advise and update you of any critical information and guidance as soon as it is released.
