I'd be VERY concerned with the security of any existing Solarwinds Frontends that are deployed right now. SW has provided nothing saying they are resolving the compromises ON your servers, or even any assurance that your current server will be "cured" following the application of HF2. B/c chances are good, if actively compromised, they won't be. They only provide application patches. NOT patches to what ever was hacked/planted on your servers. All of us need to get over that idea. You need to wipe and reload your SolarWinds servers if you plan to continue using them as a platform. I would urge caution in thinking HF2 is the cure to what ails ya.
This is no longer a Solarwinds problem. This is an IT infrastructure problem and EVERY thing in your network is suspect at this point. You need to pick apart all of your IT, bit by bit, and verify. You need to think that everything that was touched by SW, or ANY ACCOUNT that ever used SW is compromised. If you don't do that, you will never know what is sitting around, quasi-dormant, and waiting to spring to life.
Our team assumed hackers have copies of every config on our network. (we take solace in knowing we only used this for the network (read, routers, and switches) monitoring, and its semi-trivial to evaluate) So anything in a configuration item ($9 passwords, snmp-rw, etc) that could be used against you MUST be changed. And changed in a way that if there are some residual thingies sitting around listening they cant hear it. Changing a password is great. but not so great if some compromised system is watching you do it.
