
SolarWinds Urgently Releases Patch for Compromised Systems


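SolarWinds announced that SolarWinds Orion Platform versions 2019.4 HF 5 through 2020.2.1, released between March and June of this year, were compromised by attackers. In a filing submitted to the Securities and Exchange Commission (SEC) this Monday (12/14), it also stated that nearly 18,000 customers had installed the vulnerable Orion Platform versions.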

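The attackers used the security vulnerability in SolarWinds Orion to penetrate customers' internal networks and stayed hidden on victims' systems for months. It has now been confirmed that the attackers embedded a malicious trojan, SolarWinds.Orion.Core.BusinessLayer.dll, in the legitimate SolarWinds library. The trojan can communicate with third-party servers over HTTP, and it is a component signed by SolarWinds.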

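The Microsoft Security Response Center (MSRC) stated that it does not currently know how the trojan made its way into the SolarWinds library. The attackers may have compromised SolarWinds' internal build or distribution systems, allowing the trojan to enter victims' networks along with automated updates.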

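Once inside a victim's network, the attackers use the administrative privileges obtained from the on-premises compromise to try to further obtain the organization's global administrator account or trusted SAML tokens, which would allow them to create their own credentials in the victim organization's applications or services.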

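SolarWinds has urgently notified customers that Orion® Platform software builds for versions 2019.4 through 2020.2.1 contain an exploitable vulnerability! Customers should immediately check their product version and update to Orion Platform version 2020.2.1 HF 1.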

SolarWinds also released its latest security patch, Hot Fix 2, at around 2:00 p.m. on 12/16. The key points of the release notes are as follows:

  • A vulnerable jQuery (CVE-2019-11358) was addressed.
  • An XSS vulnerability in the external web sites was addressed.
  • An XSS vulnerability in Orion Maps was addressed.
  • A formula injection issue was addressed.
  • The main Orion Web Console menu only displays items the logged-in user has privileges to see.
  • HTTP Strict Transfer Policy headers are now applied where appropriate.
  • The issue where username@domain no longer works for login was addressed.

This means that all of the disclosed vulnerabilities have been patched, and some system issues have been fixed as well.

Customers must log in to SolarWinds Partner Central to obtain the hotfix. The upgrade steps are as follows:

1.      If you aren’t sure which version of the Orion Platform you are using, see directions on how to check that here.

2.      Prepare to install or upgrade Orion Platform products, please check here.

3.      Install or upgrade products in an existing Orion deployment (2016.1 through 2018.4 deployments)

4.      Perform a centralized upgrade of an existing Orion deployment (2019.2 and later deployments)

5.      Upgrade older versions of Orion Platform products

6.      To install the hotfix on an Orion server with Internet access, click Downloads > Download Product. Select your product and license tier, and download the Online Installation file.

7.      Run the installation file. Follow the instructions in the installation wizard.
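For step 1, the version check can be scripted across an inventory of Orion servers. The Python below is an added example, not SolarWinds code and not part of the original article; it encodes the range as this article states it (2019.4 HF 5 through 2020.2.1, with 2020.2.1 HF 1 as the update target), and the host names, the version-string format and the function names are assumptions.

```python
import re

# Range as this article states it (not an authoritative vendor list): builds
# 2019.4 HF 5 through 2020.2.1 are affected; 2020.2.1 HF 1 is the update target.
FIRST_AFFECTED = ((2019, 4), 5)
LAST_AFFECTED = ((2020, 2, 1), 0)
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.I)

# Constructed inventory for illustration; host names are made up.
SAMPLE_INVENTORY = {
    "orion-01": "2019.4 HF 5",
    "orion-02": "2020.2 HF1",
    "orion-03": "2020.2.1",
    "orion-04": "2020.2.1 HF 1",
    "orion-06": "unknown build",
}


def parse_orion_version(text):
    """Turn '2019.4 HF 5' into ((2019, 4), 5); no hotfix parses as hotfix 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return release, int(m.group(2) or 0)


def classify(text):
    """Place a version string relative to the affected range above."""
    version = parse_orion_version(text)
    if version < FIRST_AFFECTED:
        return "before-range"
    if version <= LAST_AFFECTED:
        return "in-affected-range"
    return "after-range"


def triage(inventory):
    """Classify every host; strings that do not parse need a manual check."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts reported as `in-affected-range` are the ones the article says to update; `unparsed` entries should be checked by hand rather than assumed safe.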

SolarWinds Urgently Releases Patch for Compromised Systems was last modified: April 14th, 2021 by maksimtien