April 19, 2024

Microsoft a plans to start blocking and isolating versions of the SolarWinds Orion app that are known to have contained the Solorigate (SUNBURST) malware.This comes after a massive supply chain attack that came to light that impacted IT software vendor SolarWinds.

Hackers linked to the Russian government breached SolarWinds and inserted malware inside updates for Orion, a network monitoring and inventory platform.

SolarWinds confirmed that Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with malware.

Microsoft was one of the first cybersecurity vendors to confirm the Solarwinds incident. On the same day, the company added detection rules for the Solorigate malware contained within the Solarwinds Orion app.These detection rules only triggered alerts, and Microsoft Defender users were allowed to decide on their own what they wanted to do with the Orion app.

“Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries. This will quarantine the binary even if the process is running,”.

Microsoft said it took this decision for the benefit of its customers, even if it expects the decision to cause some crashes for network monitoring tools in sysadmin rooms.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

HashiCorp Critical Vulnerability – CVE-2024-3817

April 18, 2024

Cisco Integrated Management Controller Vulnerabilities

April 18, 2024

Windows Kernel Vulnerability – CVE-2024-21338 PoC Exploit Released

April 17, 2024

Cisco Duo Identify Data Breach

April 17, 2024

Tanium new Automate Feature

April 16, 2024

Patch released CVE-2024-3400 added to KEV Catalog

April 16, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading