TTCSIRT-THREAT ALERT: Supplemental Guidance for Emergency Directive on SolarWinds Orion Compromise
Please be advised, for situational awareness, that the Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 21-01 – Mitigate SolarWinds Orion Code Compromise – Supplemental Guidance Version 2, which supplements ED 21-01 and Supplemental Guidance v1 issued on December 18, 2020. It can be accessed here: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance.
This guidance requires all agencies operating versions of the SolarWinds Orion platform, other than those identified as “affected versions” below, to use at least SolarWinds Orion Platform version 2020.2.1HF2 (please refer to the table below). The National Security Agency (NSA) has examined this version and verified that it eliminates the previously identified malicious code.
Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to networks must be updated to 2020.2.1 HF2.
| Orion Platform Version | Continued use of SolarWinds Orion permitted at this time | Update required? |
| --- | --- | --- |
| Affected versions: 2019.4 HF5, 2020.2 RC1, 2020.2 RC2, 2020.2, 2020.2 HF1 (should be powered down or removed from networks based on ED 21-01) | No | N/A |
| All other versions that are currently online (if the instance did not previously use an affected version) | Yes | Yes (2020.2.1HF2) |
Please note, CISA will follow up with additional supplemental guidance to include further clarifications and hardening requirements. CISA encourages you to visit CISA’s main supply chain compromise webpage for additional information on this incident and related malicious activity, and resources to help organizations detect and prevent compromise.
Further information and support can be found at the following link:
https://www.cisa.gov/supply-chain-compromise