I'm kind of astounded that no official message - even just of acknowledgement - has been sent by Solarwinds to customers. Also, what rumors are you referring to? I haven't even seen an official list of affected products/versions. The article seems to indicate that something was piggybacked on update requests during a certain timeframe. Without more info, it's hard to do anything more refined than shut down the platform or remove all write privilege to service accounts.
I'm kind of astounded that no official message - even just of acknowledgement - has been sent by Solarwinds to customers. Also, what rumors are you referring to? I haven't even seen an official list of affected products/versions. The article seems to indicate that something was piggybacked on update requests during a certain timeframe. Without more info, it's hard to do anything more refined than shut down the platform or remove all write privilege to service accounts.
Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the Developers early. The updated .dll will be in the forthcoming patches.
Per Support:
Called Solarwinds support and the staff member answering the Tech Support line pretty much what is said here - two versions of the Orion Platform are impacted by the hack - 2019.4 and 2020.2. Earlier versions are not impacted. They also stated fixes are due out very soon - believe it was two or three at most.
Here is some more detailed information around the hack from fireeye site.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.