On December 13th, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) announced the active exploitation of versions of SolarWinds Orion between March and June of 2020. SolarWinds published a Security Advisory announcing that malicious code, known as MSIL/SunBurst.A, had compromised its SolarWinds Orion Platform.
Within a single day of CISA’s announcement, ESET added software that detects and blocks all known variants of this exploit. We also advised managed service providers and other channel partners so they could take the proper steps to protect their customers. On December 16th, 2020, ESET published a product support page informing our customers that ESET protects against the SolarWinds exploit code, known as MSIL/SunBurst.A
To maximize your protection, we recommend the following steps:
As noted above, ESET products protect against all known variants of MSIL/SunBurst.A. However, we also recommend following the guidance from SolarWinds, CISA and others, which is to disconnect the affected products until you apply the hotfixes from SolarWinds that remove the vulnerability.
In almost all cases, your ESET product with ESET LiveGrid enabled will respond faster to new threats than to module updates.
Learn more about ESET LiveGrid and make sure it is enabled in your ESET product.
To see a list of all ESET security articles related to supply chain attacks, see supply-chain attack.