Issue
- Your ESET product detects all known variants of the threat MSIL/SunBurst.A
- This threat affects users of SolarWinds® Orion® platform versions 2019.4 to 2020.2.1 HF1
- Apply hotfixes as soon as possible
- Keep ESET products updated
- Keep ESET LiveGrid® enabled
- Minimize the risk of malware attack
Details
On December 13th, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) announced the active exploitation of versions of SolarWinds Orion between March and June of 2020. SolarWinds published a Security Advisory announcing that malicious code, known as MSIL/SunBurst.A, had compromised its SolarWinds Orion Platform.
Within a single day of CISA’s announcement, ESET added software that detects and blocks all known variants of this exploit. We also advised managed service providers and other channel partners so they could take the proper steps to protect their customers. On December 16th, 2020, ESET published a product support page informing our customers that ESET protects against the SolarWinds exploit code, known as MSIL/SunBurst.A.
Solution
To maximize your protection, we recommend the following steps:
Apply hotfixes as soon as possible
As noted above, ESET products protect against all known variants of MSIL/SunBurst.A. However, we also recommend following the guidance from SolarWinds, CISA and others, which is to disconnect the affected products until you apply the hotfixes from SolarWinds that remove the vulnerability.
Keep ESET products updated
- Update ESET Products - check for the latest product modules
New versions of malware are released frequently, so it is important that you receive regular DNA updates (your ESET product will check for updates every hour, provided that you have a valid license and a working internet connection) and take precautions to ensure that your computer is not vulnerable to infection.
- Confirm the latest modules are installed on your ESET Product
Keep ESET LiveGrid® enabled
In almost all cases, your ESET product with ESET LiveGrid enabled will respond to new threats faster than module updates do.
Learn more about ESET LiveGrid and make sure it is enabled in your ESET product.
Minimize the risk of malware attack
What can I do to minimize the risk of a malware attack?
- Regularly back up your important data
- Do not change the default settings of your ESET products (unless instructed to do so by Technical Support)
- Download and install the latest security patches for your OS and your applications
To see a list of all ESET security articles related to supply chain attacks, see supply-chain attack.