Microsoft Updates 'Solorigate' Investigation
SOLARWINDS PATCH MANAGER UPDATE
"Specifically, all federal agencies operating versions of the SolarWinds Orion platform other than those identified as "affected versions" are required to use SolarWinds Orion Platform version 2020.2.1HF2," CISA says.ĬISA notes in the update that additional directions concerning SolarWinds will follow. Additionally, agencies should label and isolate all backups of the affected versions and, if they have the capability, conduct forensic analysis and search for indicators of compromise or other evidence of threat actor activity.ĬISA further notes that unaffected versions should be patched to the NSA-approved SolarWinds Orion Platform version 2020.2.1HF2 to prevent any attacks. Orion Platform 2020.2, 2020.2 HF1, version 20.12432ĬISA says organizations using systems that cannot be updated should keep them powered down and disconnected.The CISA alert says the four affected Orion platforms are: Secretary of State Mike Pompeo accused Russia of being behind the attack, saying in a radio interview earlier this month, "We can say pretty clearly that it was the Russians." Some organizations are continuing to run the backdoored software, meaning some organizations have been exposed to this attack campaign for nine months or more.
SOLARWINDS PATCH MANAGER SOFTWARE
SolarWinds says that from March through June, it issued Orion software updates that unintentionally included attacker-added backdoors, which FireEye has dubbed "Sunburst." The malicious software updates were signed using valid digital signatures and could steal files, profile systems and disable system services. Multiple federal agencies were compromised, including the Commerce and Treasury departments. 13 by FireEye, which discovered the supply chain attack. The SolarWinds hacking was initially disclosed on Dec. "The National Security Agency has examined this version and verified that it eliminates the previously identified malicious code," CISA says. In an update released Wednesday, CISA says the organizations with a vulnerable version of the SolarWinds platform installed must update to version 2020.2.1HF2 by Dec. See Also: Case Study: The Road to Zero Trust The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring all federal organizations still running vulnerable SolarWinds Orion software to immediately update to the latest version.
0 kommentar(er)
