SolarWinds Orion Security Advisory
Updated December 24, 2020
SolarWinds was the victim of a cyberattack that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This was a very sophisticated supply chain attack, meaning an attack that disrupts a standard process so that its output is compromised, with the goal of attacking subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way, as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.
Additionally, we want you to know that, while our investigations are ongoing, based on our investigations to date, we have found no evidence that our SolarWinds MSP products are vulnerable to the SUNBURST supply chain attack.
- The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) issued Emergency Directive 21-01 regarding the SUNBURST vulnerability on December 13, 2020.
- CERT issued Alert (AA20-352A), titled Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, as an update to ED 21-01 on December 17, 2020, based on our coordination with the agency.
Over the last few days, you may have become aware of reported malware, now referred to as SUPERNOVA. Based on our investigation, this malware could be deployed through an exploitation of a vulnerability in the Orion Platform.
SolarWinds provided two hotfix updates on December 14 and 15, 2020 that contained security enhancements, including those designed to prevent certain versions of the Orion Platform products from being exploited in a SUPERNOVA attack.
The company also released similar updates for all other supported versions of the Orion Platform products and a fix for customers on unsupported versions of these products.
The vulnerability that can be exploited to deploy SUPERNOVA is in the Orion Platform products and does not impact the SolarWinds MSP products.
SolarWinds MSP operates as a wholly-owned subsidiary of our parent SolarWinds Corp.
For Orion customers, Orion Platform versions 2019.4 HF6 and 2020.2.1 HF2 were designed to protect you from both SUNBURST and SUPERNOVA.
We recommend that all active maintenance customers of Orion Platform products, except those customers already on Orion Platform versions 2019.4 HF6 or 2020.2.1 HF2, apply the latest updates related to the version of the product they have deployed, as soon as possible.
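For teams triaging an inventory against the versions named in this advisory, the following is an added example, not SolarWinds code. The status labels, the host names, and the inventory format are assumptions made for illustration; only the version identifiers come from this page.

```python
import re

# Builds this advisory names as containing SUNBURST, as (release, hotfix).
# Hotfix 0 stands for "no hotfix installed".
SUNBURST_BUILDS = {("2019.4", 5), ("2020.2", 0), ("2020.2", 1)}
# Builds this advisory says were designed to protect against both
# SUNBURST and SUPERNOVA.
PROTECTED_BUILDS = {("2019.4", 6), ("2020.2.1", 2)}

# Accepts the spellings used on this page: "2019.4 HF 5", "2019.4 HF6",
# "2020.2.1 HF2", and a bare release such as "2020.2".
_VERSION_RE = re.compile(
    r"^\s*(\d{4}\.\d+(?:\.\d+)?)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return (release, hotfix) or None if the string is not recognised."""
    match = _VERSION_RE.match(text)
    if match is None:
        return None
    return match.group(1), int(match.group(2) or 0)

def classify(text):
    """Map a version string to a status label (labels are this example's own)."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"  # needs a manual check, never assume safe
    if parsed in SUNBURST_BUILDS:
        return "sunburst-build"
    if parsed in PROTECTED_BUILDS:
        return "protected"
    # Any other version: the advisory recommends applying the latest update.
    return "apply-latest-update"

def triage(inventory):
    """Group a {host: version string} mapping by status, hosts sorted."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory; host names are made up.
SAMPLE = {"orion-a": "2019.4 HF 5", "orion-b": "2020.2.1 HF2",
          "orion-c": "2020.2", "orion-d": "2018.4 HF3", "orion-e": "n/a"}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Note that 2020.2 HF 1 and 2020.2.1 HF2 differ only by one release component, so the release and the hotfix number are compared together rather than by prefix.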
Today, December 24, 2020, SolarWinds released similar updates for all other supported versions of our Orion Platform products and a fix for customers on unsupported versions of these products. Now that these updates are available, we are providing the information that Orion Platform customers need to mitigate this issue.
Like other software companies, we seek to responsibly disclose vulnerabilities in our products to our customers while also mitigating the risk that bad actors seek to exploit those vulnerabilities by releasing updates to our products before we disclose the vulnerabilities. The updates for SUPERNOVA were originally issued on December 14 and 15, and additional updates were issued on December 24, 2020 to further assist customers on other versions.
We constantly work to enhance the security of our products and to protect our customers and ourselves because hackers and other cybercriminals are always seeking new ways to find and attack their victims. We work closely with our customers to address and remediate any potential concerns, and we encourage all customers to run only supported versions of our products and to upgrade to the latest versions to get the full benefit of our updates, improvements, and enhancements.
Additionally, we have been working with third-party cybersecurity experts to assist us in further ensuring the security of our build environment.
A Frequently Asked Questions (FAQ) page is available here, and we intend to update this page regularly as we learn more information.
If you use a SolarWinds Orion product, we recommend you visit SolarWinds Security Advisory and SolarWinds CERT Advisory for more detailed information. If you have any immediate questions, please don’t hesitate to contact Customer Support at 1-866-530-8040 or [email protected].
Security and trust in our software are the foundation of our commitment to our customers. Thank you for your continued patience and partnership as we continue to work through this situation.