Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Which versions are vulnerable? Is 2020.2 with HF1 patch compromised?

Hi.

Tomorrow I installed Solarwinds-Orion-HotFix-2020.2.1-OfflineInstaller over my 2020.2 (not 2020.2.1) installation.
1. Is 2020.2 (without .1) with HF1 patch is vulnerable?
2. If no, why ESET tells me 2020.2 HF libs are infected with SunBurst?
3. Is it safe to restart SWS services if ESET had removed businesslayer.dll?

Also this is very confusing for me:

Known affected products:
Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1, including: ...

2020.2 + hotfix = 2020.2 HF 1, i'm not right?

Find more posts tagged with

Accepted answers

christopher.t.jones123

@jason.carrier provided this article in another thread, should be able to help

https://support.solarwinds.com/SuccessCenter/s/article/Address-the-SolarWinds-Core-BusinessLayer-dll-security-vulnerability-in-Orion-Platform?language=en_US

All comments

nbs

From what i've read the latest version is apparently harder to exploit but still vulnerable. But hopefuly someone more knowledgeable will answer.

We're all still waiting on the patches to be released (in my case, up since 5.30AM UK time hoping to get our installations patched asap before i'm told to shut them down, and we're not on a vulnerable version).

Mitigation I've put in place is blocking web access (ports 80 and 443) from the solarwinds polling servers to the internet except for sites I am actually monitoring.

Where is Solarwinds based, EST or PST? trying to work out if its still 14th of Dec over there (where's our patches! )

omavel

Yep, we had to isolate our SWS completely (luckily we have only some external nodes to monitor)

nato

I didnt understand it, I had to ask a sharper mind.

christopher.t.jones123

@jason.carrier provided this article in another thread, should be able to help

https://support.solarwinds.com/SuccessCenter/s/article/Address-the-SolarWinds-Core-BusinessLayer-dll-security-vulnerability-in-Orion-Platform?language=en_US

edwardconde

They are in Texas... So Central time.

edwardconde

Our environment is internal only but our app servers to do have access to the internet. We have them powered down with version 2020.2 installed. My plan is to build a new main server to replace our existing and bring the new server online while leaving the old servers offline. My understanding is that a clean install is a better route.

What are you guys doing about service accounts you use in your solarwinds environments?