The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a newly discovered vulnerability in SolarWinds’ Web Help Desk solution, which has already been exploited in active attacks.  

Tell me more about the SolarWinds RCE Vulnerability 

SolarWinds’ Web Help Desk software is widely used by large enterprises, government agencies, healthcare providers and educational institutions to manage help desk tasks, making the impact of this vulnerability potentially widespread and severe. 

The vulnerability, identified as CVE-2024-28986, is a Java deserialization flaw that could allow attackers to execute remote code on affected servers. This means that if the vulnerability is exploited, attackers could gain control over the affected systems, running malicious commands that could lead to data breaches, system disruption or even full network compromise. The severity of this vulnerability cannot be overstated, especially given the sensitive nature of the data handled by the organizations that typically use SolarWinds’ Web Help Desk. 

On August 13, 2024, SolarWinds released a hotfix to address CVE-2024-28986. However, the company has not provided details on whether the vulnerability has been actively exploited in the wild, leaving organizations in a position where they must assume the worst and act swiftly to protect their systems. 

What is Nuspire doing? 

At Nuspire, ensuring the security of our clients’ environments is our top priority. We have taken immediate action in response to the CISA alert and the availability of the SolarWinds hotfix. Our team is diligently applying the necessary patches as per vendor recommendations, minimizing the window of vulnerability for our clients. 

Beyond just applying patches, Nuspire’s threat hunting team is actively scanning client environments for any signs of compromise related to this vulnerability. Our proactive approach means we are not only fixing the issue but also searching for any indicators that attackers may have already attempted to exploit this flaw. This dual approach of patching and threat hunting ensures that our clients are not just protected going forward but are also safeguarded against any potential past exploits. 

What should I do? 

For organizations using SolarWinds’ Web Help Desk, immediate action is crucial to reduce the risk of falling victim to this critical vulnerability. The first and most important step is to apply the hotfix provided by SolarWinds as outlined in their advisory. Administrators must ensure that they are upgrading to Web Help Desk version 12.8.3.1813 before applying the hotfix, as this version is necessary to address the vulnerability effectively. 

Additionally, it is vital to create backups of the original files before beginning the hotfix installation process. This precaution will help avoid potential issues if the hotfix deployment encounters problems or is not applied correctly. If any issues arise during the application of the hotfix, having these backups will allow you to restore the original files and avoid extended downtime or further vulnerabilities. 

While the immediate application of the hotfix is necessary, organizations should also consider longer-term strategies for securing their IT environments. Regularly updating and patching software, conducting thorough security audits and vulnerability scans, and engaging in proactive threat hunting are all essential practices to maintain a strong security posture. 

By following these steps and staying informed about potential vulnerabilities, organizations can significantly reduce their exposure to cyber threats and ensure that they are prepared to respond to emerging risks. In today’s rapidly evolving threat landscape, vigilance and swift action are key to maintaining cybersecurity resilience. 

The post CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks appeared first on Nuspire.

*** This is a Security Bloggers Network syndicated blog from Nuspire authored by Team Nuspire. Read the original post at: https://www.nuspire.com/blog/cisa-warns-of-critical-solarwinds-rce-vulnerability-exploited-in-attacks/