==================================================================== CERT-Renater Note d'Information No. 2020/VULN682 _____________________________________________________________________ DATE : 14/12/2020 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systemss running SolarWinds® Orion® Platform versions prior to 2020.2.1 HF 1, 2020.2.1 HF 2. ===================================================================== https://www.solarwinds.com/securityadvisory _____________________________________________________________________ SolarWinds Security Advisory SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack. We recommend taking the following steps related to your use of the SolarWinds Orion Platform. We are recommending you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal. If you aren't sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here. If you cannot upgrade immediately, please follow the guidelines available here for securing your Orion Platform instance. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary. An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements. Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security process, procedures and standards designed to protect our customers. We are working to investigate the impacts of this incident and will continue to update you as we are made aware of any interruptions or impact to your business specifically. Thank you for your continued patience and partnership as we continue to work through this issue. We will continue to keep you updated of any new developments or findings. If you have any immediate questions prior to our next update, please contact Customer Support at 1-866-530-8040 or swisupport@solarwinds.com. ========================================================= + CERT-RENATER       |    tel : 01-53-94-20-44          + + 23/25 Rue Daviel   |    fax : 01-53-94-20-41         + + 75013 Paris        |    email:cert@support.renater.fr + =========================================================