Security News > 2020 > December > SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack
2020-12-15 22:08

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign.

In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to secure their environments.

"We have scanned the code of all our software products for markers similar to those used in the attack on our Orion Platform products identified above, and we have found no evidence that other versions of our Orion Platform products or our other products or agents contain those markers."

The Windows maker also said it plans to start blocking known malicious SolarWinds binaries starting today at 8:00 AM PST. Meanwhile, security researcher Mubix "Rob" Fuller has released an authentication audit tool called SolarFlare that can be run on Orion machines to help identify accounts that may have been compromised during the breach.

SolarWinds estimates that as many as 18,000 of its customers may have been impacted by the supply chain attack.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/AEB9hSboWFg/solarwinds-issues-second-hotfix-for.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215