By: Richard Little
Only the versions: 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1 were infected.
There was a file, SolarWinds.Orion.Core.BusinessLayer.dll, that was compromised.
If you are running a version older then 2019.4 HF 5 the dll file was not compromised. If you are at version 2020.2.1 or later the dll file was replaced and is not compromised.
If you do have a compromised version, then upgrading to the latest version 2020.2.1 HF1 will replace the dll file and fix your issue.
Here are the recommendations from Solarwinds:
“We are recommending you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.
If you cannot upgrade immediately, please follow the guidelines available here for securing your Orion Platform instance. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary.
An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements.”