Recent as of February 5, 2021, 2:30pm CST

FAQ: Security Advisory




  1. If I’ve upgraded to Orion Platform versions 2019.4 HF6 or 2020.2.1 HF2, am I affected by SUNBURST or SUPERNOVA?
  2. Am I safe if I disconnect my Orion server from the internet?
  3. How is SolarWinds addressing SUNBURST and SUPERNOVA?
  4. Are SUNBURST and SUPERNOVA related?
  6. How is SolarWinds responding to these security vulnerabilities?
  7. What programs is SolarWinds going to offer its customers?
  8. What actions should I take?
  9. How do I know what version I’m on?
  10. How do I know if my environment was exposed?
  11. How do I upgrade my Orion Platform version?
  12. My antivirus software is alerting on SolarWinds.Orion.Core.BusinessLayer.dll – am I infected?
  13. Some endpoint security tools flag old Orion installers left behind after upgrading to protected versions. Do these alerts mean that I am still at risk?
  14. Has the Department of Homeland Security issued an Emergency Directive on this vulnerability?
  15. Why does CISA recommend users split out the web server from the Orion Application server?
  16. What is SolarWinds doing to help find a solution?
  17. What if I can’t upgrade right now? How do I ensure the security of my Orion server?
  18. I have downloaded a file from my Customer Portal and want to verify it is legitimate. How can I do that?
  19. Where can I see a complete list of all Orion Platform versions, their status, and recommended actions?
  20. If your environment was compromised, why is it safe for us to install these updates/trust your code? OR What are you doing to prevent future incidents moving forward?
  21. I still have more questions about this issue and my environment’s security—who can I talk to?
  22. Why can’t you tell us more about what’s going on?
  23. What about the vulnerabilities disclosed by Trustwave?
  24. What about the issue disclosed by Sophos?
  25. What is SUPERNOVA?
  26. Is SUPERNOVA another supply chain attack?
  27. What indicators of compromise (IOCs) of the SUPERNOVA malware have you identified?
  28. How can I confirm if I’ve applied either the SUPERNOVA mitigation script or one of the SUPERNOVA security fixes to my Orion server(s)?
  29. What is SUNBURST?
  30. How extensive is the impact of SUNBURST?
  31. What should I do if I believe my environment has been compromised by the SUNBURST vulnerability?
  32. If my Orion server currently or previously had a SUNBURST vulnerable version, should I simply upgrade or should I rebuild my Orion server? What about my database?
  33. I want to manually check my version of the SolarWinds.Orion.Core.BusinessLayer.dll for the SUNBURST vulnerability. Do you know a way to do that?
  34. What indicators of compromise (IOCs) of the SUNBURST vulnerability have you identified?
  35. How do I know someone didn't exploit the SUNBURST vulnerability and move horizontally in my environment and compromise another system?
  36. What products are affected by the SUNBURST vulnerability?
  37. What products are NOT affected by the SUNBURST vulnerability?
  38. Why didn’t SolarWinds catch the SUNBURST vulnerability before it happened?
  39. With these processes in place, how was your code compromised to insert the SUNBURST vulnerability?
  40. How many customers are potentially affected by the SUNBURST vulnerability?
  41. Why were 33,000 customers mentioned in connection with the SUNBURST vulnerability?
  42. What is the Common Criteria framework?
  43. Where can I see a complete list of Orion Suite for Federal Government versions, their status and recommended actions?