The advisory from SolarWinds, which is being issued out of an “abundance of caution”, might seem a bit out of pattern. However, after recent events related to other SolarWinds products, it seems to be a much more proactive response, and one that could indicate a concerning pattern in the attack. SolarWinds also recommended installing EDR agents/software on any Web Help Desk installations that cannot be blocked from public access (this should already be the case anyway).
Web Help Desk is SolarWinds’ ticketing and IT inventory management software. Because it can provide quick access to information about a target organization, and potentially access into a network via its publicly exposed side, it is a nice target.
No details on the originally attacked customer have been released, but there are several vulnerabilities in WHD below version 12.7.6 that could allow an attacker to compromise the system and gain a foothold in the hosting network. SolarWinds has said they will continue to investigate the attack to ensure there is not a larger issue. They also do not believe that other WHD customers are currently affected, which is an odd thing to say given the extreme response to the single reported attack.
As always, organizations are advised to secure their externally facing resources with Web Application Firewalls, to install EDR on all systems, and to ensure that the latest updates are installed to prevent exploitation of a known vulnerability.
Happy patching