SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5), (Sat, Mar 19th)

This post was originally published on this site

There is a SolarWinds security advisory for Unauthenticated Access in Web Help Desk (WHD) 12.7.5.

Summary

A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk (WHD) 12.7.5. The customer’s endpoint detection and response (EDR) system blocked the attack and alerted the customer to the issue.

SolarWinds is currently investigating this report. We have not been able to reproduce the scenario, and are working with the customer to further the investigation.

In an abundance of caution, SolarWinds recommends all Web Help Desk customers whose WHD implementation is externally facing to remove it from your public (internet-facing) infrastructure until we know more. If you are not able to remove it from your public infrastructure at this time, we recommend you ensure you have EDR software deployed, and are monitoring the WHD instance.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.