Quote:The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020.
CISA's Supplemental Guidance to Emergency Directive 21-01 demands this from all agencies using Orion versions unaffected in the SolarWinds supply chain attack.
"We issued V2 supplemental guidance to Emergency Directive 21-01," CISA tweeted. "Agencies using non-affected versions must update to the new version."
"The National Security Agency (NSA) has examined this version and verified that it eliminates the previously identified malicious code," the agency said.
"Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020."
Read more: https://www.bleepingcomputer.com/news/se...-platform/
![[-]](https://www.geeks.fyi/images/collapse.png)
