A vulnerability was recently reported in RMM Windows Agent versions prior to version 10.8.9, that, if successfully exploited, could allow a local user to replace files, elevate their privilege, and execute arbitrary commands. This vulnerability was responsibly disclosed to SolarWinds from a researcher https://hansesecure.de/2020/06/vulnerability-in-monitoring-software/?lang=en. This issue was resolved in the agent version 10.8.9 released on April 5, 2019. If you are running an older Windows agent please upgrade them as soon as possible to the latest GA version. We take security seriously; ensuring you are on the latest supported version of RMM is an important way for you to leverage the most up-to-date features that help protect you and your customers. If you have additional questions, please contact support for assistance.
To upgrade your agents, log into RMM and go to ‘Agent Auto-update Settings’ on the Agent dropdown menu. You can also right-click individual servers and workstations to update the agent on the ‘Edit Device’ dialog. Use the Device Inventory Report to see which agent versions are on your devices.