US federal agencies must update the hacked Solarwinds Orion software or take all its apps offline, the country’s top cybersecurity agency has warned.
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its official guidance for dealing with the repercussions from the SolarWinds supply chain attack that has affected thousands of enterprises and government agencies, including Microsoft.
CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version.
“Agencies that can’t update by that deadline are to take all Orion systems offline,” the guidance read.
Tracked as CVE-2020-10148, the vulnerability is an authentication bypass in the Orion API that allows attackers to execute remote code on Orion installations.
SolarWinds last month released the 2020.2.1HF2 version.
“The National Security Agency (NSA) has examined this version (2020.2.1HF2) and verified that it eliminates the previously identified malicious code,” the CISA said in its update.
At least 24 big companies, including tech giants like Intel, Cisco, VMware and Nvidia, have suffered part of the SolarWinds hack allegedly orchestrated by Russia-backed cybercriminals.
The suspected Russian hackers installed a malware in the Orion software sold by the IT management company SolarWinds, and accessed sensitive data belonging to several US government agencies, at least one hospital and a university.
According to Microsoft, it detected malicious SolarWinds applications in its environment, which were isolated and removed.
Cybersecurity firms FireEye and CrowdStrike have admitted they were affected during the SolarWinds attack.
Russia has denied having any role in the hacking.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]