Get Permission
The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring all federal organizations still running vulnerable SolarWinds Orion software to immediately update to the latest version.
In an update released Wednesday, CISA says the organizations with a vulnerable version of the SolarWinds platform installed must update to version 2020.2.1HF2 by Dec. 31.
"The National Security Agency has examined this version and verified that it eliminates the previously identified malicious code," CISA says.
The SolarWinds hacking was initially disclosed on Dec. 13 by FireEye, which discovered the supply chain attack. Multiple federal agencies were compromised, including the Commerce and Treasury departments. SolarWinds says that from March through June, it issued Orion software updates that unintentionally included attacker-added backdoors, which FireEye has dubbed "Sunburst." The malicious software updates were signed using valid digital signatures and could steal files, profile systems and disable system services. Some organizations are continuing to run the backdoored software, meaning some organizations have been exposed to this attack campaign for nine months or more.