Microsoft has announced that it will start blocking and isolating certain versions of SolarWinds, the app that was compromised as part of a high-profile cyberattack earlier this week. The decision should provide businesses with an additional layer of protection while they put more long-term patch management solutions in place.
“Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries,” a Microsoft security blog explained.
“This will quarantine the binary even if the process is running. We also realize this is a server product running in customer environments, so it may not be simple to remove the product from service. Nevertheless, Microsoft continues to recommend that customers isolate and investigate these devices.”
SolarWinds recently confirmed that versions 2019.4 through 2020.2.1 of its Orion app were infected with malware. Although security platforms quickly added detection rules for the malware, these only triggered alerts.
An ill wind
If it has not been feasible for some organizations to remove the SolarWinds platform from service, Microsoft has advised customers to exclude the software binaries, providing instructions for how to do so. It has also said that this exclusion should be temporary and reverted once the binaries have been updated.
In light of the SolarWinds malware infection, two US Government agencies confirmed that they had been hit by a cyberattack. The US Treasury and Commerce departments said that the attacks were likely to be state-sponsored, with most of the evidence pointing in Russia’s direction.
As per usual, however, Russia responded by dismissing the accusations as “baseless.” Regardless of who’s responsible, the SolarWinds malware is certainly proving damaging, with an estimated 18,000 customers infected.
Via ZDNet