As announced by SolarWinds President and CEO Sudhakar Ramakrishna in his Orange Matter blog, Our Plan for a Safer SolarWinds and Customer Community, SolarWinds are taking key steps to ensure the security and integrity of the software they deliver to customers.
SolarWinds uses a digital code-signing certificate to digitally sign each software build and to help end-users authenticate that the code comes from SolarWinds. As part of the response to the SUNBURST vulnerability, the code-signing certificate used by SolarWinds to sign the affected software versions will be revoked on March 8, 2021. This is industry-standard best practice for software that has been compromised.
Regretfully, the same digital code-signing certificate used to sign the Orion Platform software affected by the SUNBURST vulnerability was also used to sign additional SolarWinds products not known to be affected by SUNBURST. While this does not mean all products are compromised, it does mean the day-to-day operation of any software signed by the compromised digital code-signing certificate may be impacted by a user’s operating system, antivirus, or endpoint protection software when the certificate is publicly revoked on March 8, 2021.
The full list of affected products can be found here.
To ensure the performance of your SolarWinds product(s), you must upgrade to these new builds before March 8, 2021. Further information, including a list of frequently asked questions, can be found on the SolarWinds website.
Loop1 clients that have an active maintenance contract, please reach out to your dedicated maintenance renewals contact or account manager in the first instance. Alternatively, get in touch via the link below.