Critical Security Vulnerability in SolarWinds Web Help Desk

Immediate Upgrade Required

Customers are advised to act promptly to mitigate the risk of exploitation.

SolarWinds has disclosed a critical security vulnerability (CVE-2024-28986) in its Web Help Desk software. The vulnerability allows remote code execution (RCE), giving attackers the ability to take control of affected systems.

SolarWinds has released a hotfix to address the vulnerability. Customers are strongly encouraged to apply the hotfix immediately.

According to SolarWinds, the vulnerability affects all versions of Web Help Desk prior to version 1283. The company has released a patch for version 1283 and above.

Customers who are unable to apply the hotfix immediately should take the following steps to mitigate the risk of exploitation:

• Disable Web Help Desk until the hotfix can be applied.
• Restrict access to Web Help Desk to only those users who need it.
• Monitor Web Help Desk logs for any suspicious activity.

SolarWinds has apologized for any inconvenience caused by this vulnerability and thanked customers for their cooperation.

Additional Resources

• SolarWinds Security Advisory
• Microsoft Security Response Center
• CISA Alert