
SANS Internet Storm Center InfoSec Handlers Diary Blog



SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5)

Published: 2022-03-19
Last Updated: 2022-03-19 16:28:24 UTC
by Didier Stevens (Version: 1)

There is a SolarWinds security advisory for Unauthenticated Access in Web Help Desk (WHD) 12.7.5.

Summary

A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk (WHD) 12.7.5. The customer’s endpoint detection and response (EDR) system blocked the attack and alerted the customer to the issue.

SolarWinds is currently investigating this report. We have not been able to reproduce the scenario, and are working with the customer to further the investigation.

In an abundance of caution, SolarWinds recommends all Web Help Desk customers whose WHD implementation is externally facing to remove it from your public (internet-facing) infrastructure until we know more. If you are not able to remove it from your public infrastructure at this time, we recommend you ensure you have EDR software deployed, and are monitoring the WHD instance.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com
