Hackers getting in via NPM maybe

  • Anyone know anything about this?
    Rumors a patch may be coming concerning this
  • I'm kind of astounded that no official message - even just of acknowledgement - has been sent by Solarwinds to customers. Also, what rumors are you referring to? I haven't even seen an official list of affected products/versions. The article seems to indicate that something was piggybacked on update requests during a certain timeframe. Without more info, it's hard to do anything more refined than shut down the platform or remove all write privilege to service accounts.

  • Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the Developers early. The updated .dll will be in the forthcoming patches.

  • Yup I only just heard about this as well. I saw this on the internet 

    "A SolarWinds spokesman said the company was aware of a potential vulnerability related to updates of its Orion technology management software that were released between March and June of this year."

    I'm still on 2019.4 so ok but was looking at upgrading this week. Guess I'll be holding off for now.

  • Per Support:

    We have just been made aware that our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1.

    If customers ask for an ETA when the vulnerability will be resolved, please use the info below to set expectations with them.
    • 2020.2 Hotfix 2 will be available on Tuesday, Dec 15th
    • 2019.4 Hotfix 6 will be available on Monday, Dec 14th
    • Customers needing an immediate fix for 2019.4 Hotfix 5 can install a DLL provided by Engineering (more info about this from Engineering to come)
    ----------------------------------------------------------------------------------------------

    As per our discussion, this is the date on which the fix for the vulnerability will be released.
    For the immediate fix, we are still waiting for the official announcement from Engineering regarding full details.
  • Called Solarwinds support and the staff member answering the Tech Support line said pretty much what is said here - two versions of the Orion Platform are impacted by the hack - 2019.4 and 2020.2. Earlier versions are not impacted. They also stated fixes are due out very soon - believe it was two or three at most.

  • Correction - the prior poster was spot on about patches coming out on 12/14 and 12/15. 

  • Anyone know where Solarwinds puts security advisories?  It's not under Recent Releases and News.

    I am blocking all egress access from Solarwinds servers.

  • Just received an email from Solarwinds - seems like I am affected. I'm on 2019.4

    Here's the email

    "Dear Customer,

    We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1.

    We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack. We are recommending that you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.

    If you aren’t sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here.

    In addition, we recommend you review the guidance provided in the Secure Configuration for the Orion Deployment document available here.

    Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers. For more information go to solarwinds.com/securityadvisory.

    SolarWinds thanks you for your continued patience and partnership as we continue to work through this issue. We will continue to keep you updated of any new developments or findings. If you have any immediate questions prior to our next update, please contact Customer Support at 1-866-530-8040 or swisupport@solarwinds.com.

    Yours sincerely,

    Kevin Thompson
    President & CEO
    SolarWinds, Inc"

  • As there's not been any official information published, I will be reaching out to our SW Rep in the morning for details.