This critical SolarWinds bug is already being exploited, so patch now

A few days after being unveiled, there is already evidence of abuse

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A critical vulnerability plaguing a SolarWinds product is being actively exploited to remotely runmalicious codeon flawed servers. Since the patch is available, users are advised to apply it immediately and thus secure their endpoints.

It was recently reported SolarWinds' Web Help Desk has a Java deserialization security vulnerability, that allows threat actors to run code and commands, remotely. The vulnerability is tracked as CVE-2024-28986 and carries a severity score of 9.8 (critical).

SolarWinds' Web Help Desk is a web-basedhelp desk softwareplatform designed to manage IT service requests and streamline support operations. It offers features such as ticketing management, asset management, change management, and knowledge base integration. The software allows IT teams to track and resolve issues more efficiently by automating workflows, assigning tickets, and providing self-service options for end-users.

Proof of abuse

SolarWinds pushed a patch last Wednesday, and urged its users to apply it, despite having no proof of in-the-wild exploits at the time.

“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available,” SolarWinds said.

“WHD 12.8.3 Hotfix 1 should not be applied if SAML Single Sign-On (SSO) is utilized. A new patch will be available shortly to address this problem.” Before applying the fix, users should upgrade their servers to 12.8.3.1813.

A few days following the announcement, the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog, which means it has evidence of in-the-wild abuse. As a result, all federal agencies have until September 5 to patch vulnerable servers, or stop using the tool altogether.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case