This vulnerability in the Orion Platform has been resolved in the latest updates. to validate the patch was applied to all Orion Platform web servers. SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are making regular updates to this Security Advisory page at solarwinds.com/securityadvisory, and we encourage you to refer to this page. See the example below of 2019.4 HF 4: We recommend taking the steps related to your use of your version of the SolarWinds Orion Platform per the table below: Affected by Digital Certificate Revocation, Upgrade to 2020.2.4 OR upgrade to 2019.4.2, Upgrade to 2020.2.4, apply temporary mitigation script, or discontinue use, To upgrade, go to customerportal.solarwinds.com OR to apply temporary mitigation script*** go to https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip. We want to make sure that customers working to secure their environments have the help and assistance they need from knowledgeable resources. The … Like other software companies, we seek to responsibly disclose vulnerabilities in our products to our customers while also mitigating the risk that bad actors seek to exploit those vulnerabilities by releasing updates to our products that remediate these vulnerabilities before we disclose them. This page covers the SolarWinds response to both SUNBURST and SUPERNOVA. They advise upgrading to version 2020.2.1 HF1, and then 2020.2.1 HF2, which will be available on December 15th, 2020. We have developed a program to provide professional consulting resources experienced with the Orion Platform and products to assist customers who need guidance on or support upgrading to the latest hotfix updates. For information about SUPERNOVA, go here.
This vulnerability impacts their Orion Monitoring Platform and could lead to nefarious actors accessing your monitored systems and delivering malware (called SUNBURST) or performing other unauthorized activities. Over the last few days, third parties and the media publicly reported on malware, now referred to as SUPERNOVA. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. Once in the network, the intruder then uses the administrative permissions acquired through the on-premises compromise to gain access to the organization’s global administrator account and/or trusted SAML token signing certificate. We at SBS CyberSecurity thank the cybersecurity community for uncovering the majority of the information in this threat advisory. These attacks have been linked to a series of exploits of the SolarWinds® Orion® IT Monitoring Platform. For information about SUNBURST, go here. According to a newly released security advisory by SolarWinds, SolarWinds Orion Platform builds ranging from version 2019.4 through version 2020.2.1, released between March 2020 and June 2020, may be affected. As you may have seen, we at Sonatype have been following the SolarWinds’ software supply chain security breach closely.
SolarWinds issued an Orion security advisory here, explaining that the attack involved Orion builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020. FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. To provide additional security for your Orion Platform installation, please follow the guidelines available here for your Orion Platform instance. This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. The result? Last updated 2021-01-12. We continue to strive for transparency and keeping our customers informed to the extent possible as we cooperate with law enforcement and intelligence communities, and to the extent it is in the best interest of our customers. Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product? To check which updates you have applied, please go here. For information about, A detailed Frequently Asked Questions (FAQ) page is available. These updates contain security enhancements including those designed to protect you from SUNBURST and SUPERNOVA. SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. We work closely with our customers to address and remediate any potential concerns, and we encourage all customers to run only supported versions of our products and to upgrade to the latest versions to get the full benefit of our updates, improvements, and enhancements.
All hotfix updates are cumulative and can be installed from any earlier version. The latest official updates can be found on SolarWinds Security Advisory. We do not use the SolarWinds Orion platform, but have taken precautionary steps and blocked all Indicators of Compromise (IOCs) associated with this advisory. It is malware that is separately placed on a server that requires unauthorized access to a customer’s network and is designed to appear to be part of a SolarWinds product. SolarWinds was the victim of a cyberattack that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which … All product versions are displayed in the footer of the Orion Web Console login page. Given the scope and scale of the SolarWinds security breach, VPLS is providing this security advisory to its customers with a brief overview of the breach, how it may impact you, and … The incident is classified as a supply chain attack as it targets SolarWinds Orion platform users. Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
SolarWinds Security Statement. This … The security advisory, the SolarWinds Twitter account and the emails sent to customers do not bother with attributions to FireEye. Determine the need to change credentials on all devices being managed by the affected SolarWinds … We believe that this attack impacts Orion Platform build versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 as referenced in Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) Emergency Directive 21-01 issued December 13, 2020, and updated December 18 and 30, 2020, and January 6, 2021. SolarWinds issued a security advisory recommending users upgrade to the latest version, Orion Platform version 2020.2.1 HF 1, as soon as possible. If you’re unable to upgrade at this time, we have provided a script that customers can install to temporarily protect their environment against the SUPERNOVA malware. Updated December 24, 2020. Security Bulletin: SolarWinds Security Advisory We want to make you aware of a recently announced security advisory impacting software from SolarWinds. Our commitment to our customers remains high, and we are introducing a new program designed to address the issues that our customers face. Security Advisory: SolarWinds asks ALL ORION PLATFORM CUSTOMERS to update their Orion Platform software as soon as possible to help ensure the security of your environment.
The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT), part of the Department of Homeland Security (DHS), CERT issued, Additionally, we want you to know that, while our investigations are early and ongoing, based on our investigations to date, we are not aware that this SUNBURST, If you aren't sure which version of the Orion Platform you are using, see directions on how to check that, . , and we intend to update this page as we learn more information. SolarWinds Security Advisory Recent as of December 31, 2020, 3:00pm CST This page covers the SolarWinds response to both SUNBURST and SUPERNOVA. Read SolarWinds’ security advisory. To be sure, incidents like the one at SolarWinds, which saw the company’s Orion platform hacked on a scale that jeopardized the security of government agencies and Fortune 500 companies … If you’re unable to upgrade at this time, we have provided a script that customers can install to temporarily protect their environment against the SUPERNOVA malware***. Thank you for your continued patience and partnership, . During the evening of December 13th, 2020 it was announced that for several months, emails and other sensitive materials on the SolarWinds Orion network have been exfiltrated by sophisticated, nation-state hackers [1]. 10 The National Security Agency … *As a part of the ongoing investigation, we have determined that version 2019.4 with no hotfix of the Orion Platform released in October 2019 contained test modifications to the code base.
CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures: Given the scope and scale of the SolarWinds security breach, VPLS is providing this security advisory to its customers with a brief overview of the breach, how it may impact you, and what steps you may or may not need to take to protect yourself from this security event. Security patches have been released for each of these versions specifically to address this new vulnerability. On 13 December, FireEye publicly disclosed information about a supply chain attack affecting SolarWinds' Orion IT monitoring and management software.1 This attack infected all versions of Orion software released between March and June 2020 with SUNBURST malware, a sophisticated backdoor that uses HTTP to communicate with attacker infrastructure. Posted by Systems Engineering. The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT), part of the Department of Homeland Security (DHS), CERT issued Emergency Directive 21-01 on December 13, 2020 regarding this issue, and has updated their guidance as part of our ongoing coordination with the agency. While this version is not impacted by the SUNBURST vulnerability, it is the first version in which we have seen activity from the attacker at this time. Talos Group. The SolarWinds N-Central vulnerabilities are not associated with the SolarWinds Orion security incident. SUNBURST Information.
SolarWinds Security Advisory. Threat Research Threat Advisory: SolarWinds supply chain attack. We have prepared this post to help answer any questions that our clients may have. Based on our investigation to date: We constantly work to enhance the security of our products and to protect our customers and ourselves because hackers and other cybercriminals are always seeking new ways to find and attack their victims. If you reinstall your Orion server, you will need to reapply this script. Security Advisory: SolarWinds Supply Chain Attack. Verify if you are running SolarWinds Orion version 2019.4 through 2020.2.1HF1 and if so, assert which networks are managed by it (likely all or most of your network). CISA recommends disconnecting/powering down affected versions of SolarWinds Orion, but if this is not possible then follow the steps in the SolarWinds Advisory. *** If you use the SUPERNOVA Mitigation Script to address the SUPERNOVA vulnerability, use the guidance in the document within that package to confirm the temporary patch. If you have disabled outward communication from your Orion license, please follow the “Activate License Offline” section from. Our DFIR team has been collecting data from the security community at large about the SolarWinds Orion and UNC2452 supply chain compromise, and we’re bringing it to you as a source of information and guidance.