What is SUPERNOVA?
Over the last few days, you may have become aware of reported malware, now referred to as SUPERNOVA. Based on our investigation, this malware could be deployed through an exploitation of a vulnerability in the Orion Platform.
SolarWinds provided two hotfix updates on December 14 and 15, 2020 that contained security enhancements, including those designed to prevent certain versions of the Orion Platform products from being exploited in a SUPERNOVA attack.
The company also released similar updates for all other supported versions of the Orion Platform products and a fix for customers on unsupported versions of these products.
For more information on SUPERNOVA, please see our Security Advisory page at http://www.solarwinds.com/securityadvisory and our FAQ at www.solarwinds.com/securityadvisory/faq.
Does this impact MSP?
The vulnerability that can be exploited to deploy SUPERNOVA is in the Orion Platform products and does not impact the SolarWinds MSP products.
SolarWinds MSP operates separately as a wholly-owned subsidiary of our parent SolarWinds Corp. We have our own executive leadership team. We have different support, success, and sales teams and systems, and our R&D teams have their own leadership and separate repositories and build environments.
Continue reading →