Microsoft has taken a number of measures to neutralise the SolarWinds hack: the company has seized a domain and blocked the software with Microsoft Defender.
A coalition of several other companies seized the domain avsmcloud.com and made sure it ended up in Microsoft’s hands. The malicious code in SolarWinds Orion, known as SUNBURST, contacted that address a few days after installation to announce itself to the hackers and await further instructions, ZDNet writes. Now that the domain is in Microsoft’s hands, it has been turned into a sinkhole, which renders SUNBURST harmless even if the Orion software has not yet been patched or removed.
Microsoft has also decided to block and quarantine the affected versions of SolarWinds Orion outright, even where the software is still running. Specifically, these are versions 2019.4 through 2020.2.1 of SolarWinds Orion, released between March and June 2020.
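The beaconing, sinkhole and version-block described above, as an added defender-side triage example that is not code from the article, Microsoft or SolarWinds: it flags Orion installs inside the version range the article names and scans DNS query logs for lookups of the sinkholed domain. The log line format (`<timestamp> <client_ip> query <name>`) and the sample data are constructed assumptions.

```python
"""Added triage helper (not from the article, Microsoft or SolarWinds)."""
import re
from typing import Iterable, List, Tuple

# Version range as stated in the article; hotfix suffixes ("HF5") are ignored.
AFFECTED_MIN = (2019, 4, 0)
AFFECTED_MAX = (2020, 2, 1)
# Beacon domain as named in the article; SUNBURST contacted subdomains of it.
SINKHOLED_DOMAIN = "avsmcloud.com"


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2020.2.1' -> (2020, 2, 1); '2019.4 HF5' -> (2019, 4, 0)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Orion version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when the install falls in the range the article calls affected."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def beacon_queries(dns_log_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (client, queried_name) for every lookup of the sinkholed domain
    or one of its subdomains. Assumed (constructed) log line format:
    '<timestamp> <client_ip> query <name>'. Malformed lines are skipped."""
    hits = []
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue
        client, name = parts[1], parts[3].rstrip(".").lower()
        if name == SINKHOLED_DOMAIN or name.endswith("." + SINKHOLED_DOMAIN):
            hits.append((client, name))
    return hits


# Constructed sample log lines for a stand-alone run (not real traffic).
SAMPLE_DNS = [
    "2020-12-14T09:00:01Z 10.0.0.5 query example.com.",
    "2020-12-14T09:00:02Z 10.0.0.7 query constructed-host.avsmcloud.com.",
    "garbage line without the expected fields",
    "2020-12-14T09:00:03Z 10.0.0.7 query AVSMCLOUD.COM",
]

if __name__ == "__main__":
    for v in ["2019.2", "2019.4 HF5", "2020.2.1", "2020.3"]:
        print(v, "affected" if is_affected(v) else "not in range")
    for client, name in beacon_queries(SAMPLE_DNS):
        print("beacon lookup from", client, "for", name)
```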
SolarWinds stresses that, apart from Orion, none of the company’s other products have been infected with the hackers’ malicious code; the hackers are thought to be based in Russia. The company has released an update for Orion that should close the backdoor SUNBURST creates, but not before the compromised software had been running at nearly 18,000 customers for months.
Investigations into the SolarWinds hack are in full swing. The affected parties include several US ministries, hundreds of the world’s largest companies, and the security company FireEye, which initially discovered the hack.