Microsoft plans to start blocking and quarantining versions of the SolarWinds Orion app known to contain the Solorigate (SUNBURST) malware. The move follows the disclosure of a massive supply chain attack on IT software vendor SolarWinds.
Hackers linked to the Russian government breached SolarWinds and inserted malware into updates for Orion, a network monitoring and inventory platform.
SolarWinds confirmed that Orion versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with the malware.
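As an added example (not code from the article, Microsoft or SolarWinds), the following PowerShell function checks whether an Orion version string falls inside the tainted range the article gives, 2019.4 through 2020.2.1 inclusive. The function and parameter names are my own. Note the caveat: the check compares only the numeric version; SolarWinds' own advisory distinguishes affected builds by hotfix (HF) level, which a numeric comparison alone does not capture, so treat a match as a prompt to consult the vendor advisory rather than a verdict.

```powershell
function Test-OrionVersionTainted {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Version)

    # Pad a version string to four numeric components so that [version] comparisons
    # are consistent ("2019.4" must compare equal to "2019.4.0.0"). Anything after the
    # numeric part, e.g. a hotfix suffix such as "HF 1", is ignored by this check.
    function ConvertTo-PaddedVersion([string]$v) {
        $numeric = ([regex]'^\s*([0-9]+(\.[0-9]+)*)').Match($v).Groups[1].Value
        if (-not $numeric) { throw "Not a version string: '$v'" }
        $parts = @($numeric -split '\.')
        while ($parts.Count -lt 4) { $parts += '0' }
        return [version]($parts[0..3] -join '.')
    }

    $installed = ConvertTo-PaddedVersion $Version
    $first     = ConvertTo-PaddedVersion '2019.4'    # earliest tainted release named in the article
    $last      = ConvertTo-PaddedVersion '2020.2.1'  # latest tainted release named in the article

    # Inclusive range check; [version] implements IComparable, so -ge/-le work directly.
    return ($installed -ge $first) -and ($installed -le $last)
}

# Constructed sample inputs for illustration, not real inventory data.
foreach ($v in '2019.2', '2019.4', '2020.2', '2020.2.1', '2020.2.4') {
    '{0,-10} tainted: {1}' -f $v, (Test-OrionVersionTainted -Version $v)
}
```

To check a real installation, pass the `ProductVersion` read from `(Get-Item <path to the Orion binary>).VersionInfo`; the path to that binary depends on the deployment and is not given in the article.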
Microsoft was one of the first cybersecurity vendors to confirm the SolarWinds incident. On the same day, the company added detection rules for the Solorigate malware contained within the SolarWinds Orion app. Those rules only raised alerts, leaving Microsoft Defender users to decide for themselves what to do with the Orion app.
“Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries. This will quarantine the binary even if the process is running,” the company said.
Microsoft said it made the decision for the benefit of its customers, even though it expects the quarantine to crash network monitoring tools in some sysadmin environments.