Critical SolarWinds bug requires immediate patching due to active exploitation

Hackers are actively exploiting a critical vulnerability in SolarWinds’ Web Help Desk software that allows them to remotely execute malicious code on affected servers. The vulnerability, tracked as CVE-2024-28986, is a Java deserialization bug and scores a whopping 9.8 out of 10 on the CVSS severity scale.

SolarWinds has released a patch and urges all users to apply it immediately to secure their systems. There was no initial evidence that the vulnerability was being exploited in the wild. Nevertheless, SolarWinds recommended applying the patch anyway as a precaution.

Better safe than sorry

The company acknowledged that it was difficult to reproduce the vulnerability without authentication but nevertheless advised customers to first update to the latest version of Web Help Desk (12.8.3.1813) and only then apply ‘WHD 12.8.3 Hotfix 1’. The exception concerns customers using SAML Single Sign-On (SSO), for whom another patch will be available soon.

The vulnerability, which enables unauthorized code execution via Java deserialization, has been added to the Known Exploited Vulnerabilities (KEV) catalogue by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA only lists vulnerabilities in the KEV catalogue when there is evidence of active exploitation, so such evidence has apparently surfaced somewhere.

One consequence, at least, is that federal government agencies in the US must patch or stop using the vulnerable software by September 5.