December 15, 2020 | SSS GRC Team
Around 18:30 last night (14/12/2020) CERT NZ released an advisory regarding a critical vulnerability in the SolarWinds Orion network management platform. A known nation-state actor is actively exploiting this vulnerability and has already used it to compromise at least one major cybersecurity company (FireEye) and multiple US Government agencies (Department of the Treasury and the Commerce Department).
CERT NZ is advising anyone using SolarWinds Orion versions 2019.4 through 2020.2.1 to immediately isolate the hosting server and apply hotfix 2020.2.1 HF 1, and then immediately apply hotfix 2020.2.1 HF 2 upon its release (anticipated 16/12/2020).
CERT NZ additionally recommends changing the passwords for all accounts accessible by the Orion servers and verifying that the configurations of all network devices managed by the Orion servers remain in an approved state.
SolarWinds has provided further details, including exactly which components of the Orion network management platform are affected and a specific DLL that is a known indicator of compromise.
More information available here: