IT management software provider SolarWinds announced the release of updates in response to malware, now referred to as SUPERNOVA for all supported versions of SolarWinds Orion Platform products and a fix for customers on unsupported versions of these products. According to the announcement, the investigation shows that the malware could be deployed through the exploitation of a vulnerability in the Orion Platform.
For all supported versions
The company has already released two hotfix updates on December 14 and 15, 2020, that contained security enhancements, including those designed to prevent certain versions of the Orion Platform products from exploitation. The company also provided updates for all other supported versions of the platform products and a fix for customers on unsupported versions.
SolarWinds recommends that all maintenance customers, except those customers already on Orion Platform versions 2019.4 HF6 or 2020.2.1 HF2, to apply the latest updates related to the version of the product they have deployed, as soon as possible. The company also provided a script to allow customers to install it quickly, if they are unable to upgrade at this time, or are running a version prior to 2018.2.
These updates include versions:
- 2019.4 HF 6 (released on Dec 14, 2020)
- 2020.2.1 HF 2 (released on Dec 15, 2020)
- 2019.2 Security Patch (released on Dec 23, 2020)
- 2018.4 Security Patch (released on Dec 23, 2020)
- 2018.2 Security Patch (released on Dec 23, 2020)