US government agencies told to patch SolarWinds flaws now

“Either update or take your systems offline”

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The US Cybersecurity and Infrastructure Security Agency (CISA) has asked allUS governmentagencies to update theirSolarWindsOrion installations to the latest version, by the end of business hours on December 31, 2020.

According to reports, CISA’s Supplemental Guidance to Emergency Directive 21-01 orders all agencies using Solarwinds’ Orion to update to the latest 2020.2.1HF2 version.

In case they are unable to meet this deadline, they are to take all their Orion systems offline, in compliance with CISA’s original guidance, that was first issued on December 18.

NSA vetted

NSA vetted

The directive follows theSolarWinds supply chain attackin which hackers broke into the software firm SolarWinds' and altered several versions of the Orion platform to add malware.

After themassivesupply chain attack came to light, it was discovered that Orion versions 2019.4 through to 2020.2.1, that were released between March 2020 and June 2020, were tainted with malware named Sunburst and Supernova.

SolarWinds released the 2020.2.1HF2 version on December 15 to address the attack by eliminating every bit of the malicious code. This release has now been verified by the National Security Agency as welltweetedCISA yesterday, as it issued the supplemental guidance for its agencies.

In its directive CISA writes that “Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020.”

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The agency further added that it will follow up “with additional supplemental guidance, to include further clarifications and hardening requirements.”

Via:ZDNet

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Herman Miller Aeron gaming chair review: premium, highly customizable comfort