PDS Cyber Security Advisory:
Advisory Regarding Vulnerabilities in Solar Winds Orion
Advisory Type: IT Security
Severity: Critical
Summary: PDS is providing the following communication to build awareness of critical vulnerabilities and patches in Solar Winds Orion products.
On December 13, 2020 FireEye posted additional information regarding the breach they announced on December 8. The posting indicated that Solar Winds was victim of a supply chain attack on their SolarWinds Orion Platform Software. Solar Winds issued their own security advisory on December 13 stating software released between March 2020 and June 2020 was impacted. Solar Winds’ Security Advisory states vulnerabilities exist in the following products:
Orion Platforms prior to v2020.2.1 HF 1
Vulnerable products contain malware which is attributed to growing numbers of malicious attacks on government and private industry entities. To date, researchers have linked the FireEye breach, the recent attacks on US Government agencies, and the Solar Winds supply chain incident as all being related.
Solar Winds has published software version 2020.2.1 HF 1 and will publish 2020.2.1 HF 2 on Tuesday, December 15. Workaround instructions are also available in Secure Configuration for the Orion Platform for circumstances where patching may be delayed.
We strongly advise customers to review the Solar Winds advisory and patching information. PDS Architects are available to assist with the mitigation, your Account Director can assist in arranging support for this issue.