SolarWinds New Digital Code-Signing Certificate

בהמשך למתקפת הסייבר שחוותה חברת SolarWinds וכחלק מהתגובה לפגיעות SUNBURST , האישור לחתימת קוד דיגיטלי המשמש לחתימה על גרסאות SolarWinds, יבוטל ב- 8 במרץ 2021 ויוחלף באישור חתימת קוד דיגיטלי חדש (Digital Code Signing) . אנו מצרפים את העדכו החשובן מטעם חברת SolarWinds בלינק הבא https://www.solarwinds.com/trust-center/new-digital-certificate.

אנו ממליצים לכול לקוחות החברה להתעדכן בפרטים אותם מסרה SolarWinds, ולעקוב אחרי דף עדכוני האבטחה שלה בלינק Security Advisory המתעדכן אונליין.

As announced by SolarWinds President and CEO Sudhakar Ramakrishna in his Orange Matter blog, Our Plan for a Safer SolarWinds and Customer Community, we are taking key steps to ensure the security and integrity of the software that we deliver to customers. SolarWinds uses a digital code-signing certificate to digitally sign each software build, and to help end users authenticate the code comes from us. As part of our response to the SUNBURST vulnerability, the code-signing certificate used by SolarWinds to sign the affected software versions will be revoked on March 8, 2021. This is industry-standard best practice for software that has been compromised.

Regretfully, the same digital code-signing certificate used to sign our Orion Platform software affected by the SUNBURST vulnerability was also used to sign additional SolarWinds products not known to be affected by SUNBURST. While this does not mean all products are compromised, it does mean the day-to-day operation of any software signed by the compromised digital code-signing certificate may be impacted by a user’s operating system, antivirus, or endpoint protection software when the certificate is publicly revoked on March 8, 2021.

The full list of products is available in the table below.

We’ve obtained new digital code-signing certificates and have rebuilt the affected versions, are re-signing our code, and will re-release all of the products previously signed with the certificate to be revoked. To ensure the performance of your SolarWinds product(s), you must upgrade to these new builds before March 8, 2021.

FREQUENTLY ASKED QUESTIONS (FAQ)

Frequently Asked Questions

QUESTION 1

Recent as of 1/13/2021

Why are some digital code-signing certificates being revoked?

It’s software industry-standard best practice to revoke any code-signing certificate associated with a security incident, as that certificate is now associated with compromised code. SolarWinds has worked with a Certificate Authority to revoke the prior certificate and get a new code-signing certificate we’ve used to authenticate the new code.

QUESTION 2

Recent as of 1/13/2021

What do I need to do?

To minimize any operational impact, we recommend that customers using affected products update where possible or re-install those products before March 8, 2021.

The list of products we’ve digitally re-signed is maintained in the table below, and we will provide the steps you should follow to update those products when these updates are available for download.
We currently anticipate the first group of updates to be available the week of January 18 and will notify all customers when they are made available.

QUESTION 3

Recent as of 1/13/2021

Where can I find a list of affected products?

Products which will be digitally re-signed are as follows:

Orion Platform Products, which include:

Orion Platform and SDK, Enterprise Operations Console (EOC)
Networking: Network Performance Monitor (NPM), Network Configuration Manager (NCM), NetFlow Traffic Analyzer (NTA), Network Automation Manager (NAM), Application Centric Monitor (ACM), Network Operations Manager (NOM), IP Address Manager (IPAM), User Device Tracker (UDT), VoIP & Network Quality Manager (VNQM)
Systems: Server & Application Monitor (SAM), Virtualization Manager (VMAN), Server Configuration Monitor (SCM), Storage Resource Monitor (SRM), Web Performance Monitor (WPM), Log Analyzer (LA)
Database: Database Performance Analyzer (DPA), Database Performance Analyzer Integration Module (DPAIM)

Products Affected by Digital Code-Signing Certificate Revocation

Orion Platform Version	Recommended Action
2020.2.4	No action needed
2020.2.1 HF 2 2020.2.1 HF 1 2020.2.1 2020.2 HF 1 2020.2	Upgrade to 2020.2.4
2019.4.2	No action needed
2019.4 HF 6 2019.4 HF 5 2019.4 HF 4	Upgrade to 2020.2.4 OR Upgrade to 2019.4.2

Non-Orion Platform Products

Porfolio	Product Name	Affected Versions
Database	Database Performance Analyzer (DPA)	2019.4.1 SR1 2020.2 2020.2 HF2 2020.2.1 SR1 2020.4 RC1 2020.4 RC2 2020.4 RC3
Security	Security Event Manager (SEM)	2019.4.1 2020.2 2020.2.1 2020.4
	Access Rights Manager (ARM)	2019.4.3 2020.2 2020.2.1 2020.2.2 2020.2.3
	Patch Manager	2020.2 2020.2.1
Application Performance Management	Pingdom (versions of the WPM recorder)	2020.2.0.6002 2020.2.1.6402 2020.2.2.6824
Paid Tools	Kiwi CatTools	3.11.6
	Kiwi Syslog Server	9.7.1 9.7
	Dameware Remote Support Dameware Mini Remote Control	12.1.1
	Serv-U	15.1.7 HF5 15.2 15.2.1
	ipMonitor	11.1.0
	Engineer’s Tool Set	2020.2 2020.2.1 2020.2.2
	Mobile Admin	8.2.2 8.2.3

QUESTION 4

Recent as of 1/13/2021

The deadline to update my software is March 8, 2021. Can I update early?

Yes, we recommend you update or reinstall as soon as possible, once we notify you the new software builds are available for download. We currently anticipate the first group of updates to be made available the week of January 18.

QUESTION 5

Recent as of 1/13/2021

What will happen on March 8, 2021 once the affected digital code-signing certificate is revoked?

Where affected SolarWinds software has been deployed, you may not see any immediate impact from the revocation of the digital code-signing certificate. However, we do expect the following scenarios could introduce an operational interruption:

If you try to perform a fresh install of software signed with a revoked digital code-signing certificate: Your operating system will not allow you to install a fresh version of the software signed with the revoked certificate. Part of the installation process is a check to the Certificate Revocation List (CRL). That check will fail, as the certificate has been revoked, and the operating system will prevent installation.
If you have an affected version already installed: If you try to install a component or add-on, the installation will be blocked by the same process as above.
If you’re running a highly secure environment: Depending on which security controls have been implemented in your IT environment, affected SolarWinds products may cease operation once the code-signing certificate is revoked.
Systems protected by antivirus and endpoint protection software: Based on the policy of your security software, and on how that security software acts with software signed with a revoked code-signing certificate, affected SolarWinds products may experience interruption sooner than the above-described scenarios.

QUESTION 6

Recent as of 1/13/2021

How can I find out what version of Orion Platform products I’m running?

If you aren’t sure which version of the Orion Platform products you’re using, you can see directions on how to check that here. To check which hotfix updates you’ve applied, please go here.

QUESTION 7

Recent as of 1/13/2021

Should I manually revoke the digital code-signing certificate if it’s found on my system before March 8, 2021?

You do not need to manually revoke the certificate, but you may do so if you choose. The impact to your SolarWinds software deployments will be as outlined here.

QUESTION 8

Recent as of 1/13/2021

Can I just replace the revoked digital code-signing certificate with the new one and keep my software running?

No. You must either update or re-install the affected SolarWinds products.

QUESTION 9

Recent as of 1/13/2021

I’m getting alerts from my antivirus and/or endpoint protection software that affected SolarWinds software has a low reputation score, or that it’s untrusted. What does that mean?

Depending on the policies of your antivirus or endpoint protection solution, it’s possible you may get alerts before March 8, 2021 regarding your installed SolarWinds software. In some cases, antivirus and/or endpoint protection software may quarantine some files, and potentially interrupt the normal operation of your SolarWinds software. Updating and installing the software packages signed with the new digital code-signing certificate will resolve this issue.

QUESTION 10

Recent as of 1/13/2021

Why do I need to reinstall or update software that wasn’t a part of the SUNBURST incident?

While some of our products that need to be upgraded or reinstalled were not affected by SUNBURST, they were signed with the same digital code-signing certificate that will be revoked March 8, 2021. This does not mean they were compromised, but that the same digital code-signing certificate was used to authenticate the package is from SolarWinds. For more information on SUNBURST visit www.solarwinds.com/securityadvisory.

QUESTION 11

Recent as of 1/13/2021

What about SolarWinds software either fully certified or in the process of being certified against Common Criteria?

The only Common Criteria distribution affected by the revocation of the digital code-signing certificate is SolarWinds Access Rights Manager (ARM) 2020.2.1, which is under evaluation by the Singapore Common Criteria Scheme. ARM 2020.2.1 will be updated to 2020.2.4, which will be signed by a new digital code-signing certificate.

QUESTION 12

Recent as of 1/13/2021

What if I’m out of maintenance?

As promised, SolarWinds will ensure access to the hotfixes needed by customers on a version affected by SUNBURST or by the revocation of the digital code-signing certificate, regardless of maintenance status. Please note, only customers on active maintenance have access to Support, Training, and Feature/Functionality updates.

מוזמנים ליצור עימנו קשר בכל שאלה שהיא לטלפון 1800-800-644 או במייל [email protected].