This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.
Parents
  • Anyone know anything about this?
    Rumors a patch may be coming concerning this
  • I'm kind of astounded that no official message - even just of acknowledgement - has been sent by Solarwinds to customers. Also, what rumors are you referring to? I haven't even seen an official list of affected products/versions. The article seems to indicate that something was piggybacked on update requests during a certain timeframe. Without more info, it's hard to do anything more refined than shut down the platform or remove all write privilege to service accounts.

  • Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the Developers early. The updated .dll will be in the forthcoming patches.

  • Per Support:

    We have just been made aware that our systems experienced a highly sophisticated, manual supply chain attack on SolarWindsRegistered OrionRegistered Platform software builds for versions 2019.4 through 2020.2.1.

    If customers ask for an ETA when the vulnerability will be resolved, please use the info below to set expectations with them.
    • 2020.2 Hotfix 2 will be available on Tuesday, Dec 15th
    • 2019.4 Hotfix 6 will be available on Monday, Dec 14th
    • Customers needing an immediate fix for 2019.4 Hotfix 5 can install a DLL provided by Engineering (more info about this from Engineering to come)
    ----------------------------------------------------------------------------------------------

    As per our discussion this was the said date it will be release for the vulnerability fixed.
    For the immediate fixed we are still waiting for the official announcement from the Engineering regarding full details.
  • Called Solarwinds support and the staff member answering the Tech Support line pretty much what is said here - two versions of the Orion Platform are impacted by the hack - 2019.4 and 2020.2. Earlier versions are not impacted. They also stated fixes are due out very soon - believe it was two or three at most.

  • Correction - the prior poster was spot on about patches coming out on 12/14 and 12/15. 

Reply Children
No Data