CISA Issues Mandatory Update Order – SolarWinds Update

Hello All. Quick follow-up to my post – SolarWinds Survival on December 29.  DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have ordered all US federal agencies to update their SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020, including those running non-affected versions of Orion.

“We issued V2 supplemental guidance to Emergency Directive 21-01,” CISA tweeted. “Agencies using non-affected versions must update to the new version.”

“The National Security Agency (NSA) has examined this version and verified that it eliminates the previously identified malicious code,” the agency said.

“Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020.”

CISA has indicated that agencies using non-affected versions must update to the new version since Orion Platform versions 2019.4 HF6 and 2020.2.1 HF2 given they are designed to protect from both the SUNBURST and SUPERNOVA malware.

Further information on the DHS CISA directive can be found at – https://cyber.dhs.gov/ed/21-01/#supplemental-guidance

Comments are closed.