Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

This critical SolarWinds bug is already being exploited, so patch now

Padlock against circuit board/cybersecurity background.

A critical vulnerability plaguing a SolarWinds product is being actively exploited to remotely run malicious code on flawed servers. Since the patch is available, users are advised to apply it immediately and thus secure their endpoints.

It was recently reported SolarWinds' Web Help Desk has a Java deserialization security vulnerability, that allows threat actors to run code and commands, remotely. The vulnerability is tracked as CVE-2024-28986 and carries a severity score of 9.8 (critical).

SolarWinds' Web Help Desk is a web-based help desk software platform designed to manage IT service requests and streamline support operations. It offers features such as ticketing management, asset management, change management, and knowledge base integration. The software allows IT teams to track and resolve issues more efficiently by automating workflows, assigning tickets, and providing self-service options for end-users.

Proof of abuse

SolarWinds pushed a patch last Wednesday, and urged its users to apply it, despite having no proof of in-the-wild exploits at the time.

"While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," SolarWinds said.

"WHD 12.8.3 Hotfix 1 should not be applied if SAML Single Sign-On (SSO) is utilized. A new patch will be available shortly to address this problem." Before applying the fix, users should upgrade their servers to 12.8.3.1813.

A few days following the announcement, the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog, which means it has evidence of in-the-wild abuse. As a result, all federal agencies have until September 5 to patch vulnerable servers, or stop using the tool altogether.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.