SolarWinds New Digital Code-Signing Certificate NEW
Recent as of February 22, 2021, 1:00pm CST
As announced by SolarWinds President and CEO Sudhakar Ramakrishna in his Orange Matter blog, , we're taking key steps to ensure the security and integrity of the software that we deliver to customers. SolarWinds uses a digital code-signing certificate to digitally sign each software build, and to help end users authenticate the code comes from us. As part of our response to the SUNBURST vulnerability, the code-signing certificate used by SolarWinds to sign the affected software versions will be revoked on March 8, 2021. This is industry-standard best practice for software that has been compromised.
Regretfully, the same digital code-signing certificate used to sign our Orion Platform software affected by the SUNBURST vulnerability was also used to sign additional SolarWinds products not known to be affected by SUNBURST. While this does not mean all products are compromised, it does mean the day-to-day operation of any software signed by the compromised digital code-signing certificate may be impacted by a user’s operating system, antivirus, or endpoint protection software when the certificate is publicly revoked on March 8, 2021.
The full list of products is available in the table below.
We’ve obtained new digital code-signing certificates and have rebuilt the affected versions, have re-signed our code and have re-released all of the products previously signed with the certificate to be revoked. To ensure the performance of your SolarWinds product(s), you must upgrade to these new builds before March 8, 2021. Subscribe to this RSS Feed to be notified when we update this page (note: you will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS Feed Reader, e.g., Outlook's RSS Subscriptions, to monitor updates).
- Why are some digital code-signing certificates being revoked?
- What do I need to do?
- Where can I find a list of affected products?
- The deadline to update my software is March 8, 2021. Can I update early?
- What will happen on March 8, 2021 once the affected digital code-signing certificates are revoked?
- How can I find out what version of Orion Platform products I’m running?
- Should I manually revoke the certificate if it’s found on my system before March 8, 2021?
- Can I just replace the revoked code-signing certificate with the new one and keep my software running?
- I’m getting alerts from my antivirus and/or endpoint protection software that affected SolarWinds software has a low reputation score, or that it’s untrusted. What does that mean?
- Why do I need to reinstall or update software that wasn’t a part of the SUNBURST incident?
- What about SolarWinds software either fully certified or in the process of being certified against Common Criteria?
- What if I’m out of maintenance?
QUESTION 1
Recent as of 1/13/2021
Why are some digital code-signing certificates being revoked?
QUESTION 2
Recent as of 1/20/2021
What do I need to do?
To minimize any operational impact, we recommend that customers using affected products update where possible or re-install those products before March 8, 2021.
- The list of products we’ve digitally re-signed is maintained in the table below, with KB articles where we have provided steps you should follow to update those products.
QUESTION 3
Recent as of 2/22/2021
Where can I find a list of affected products?
Products which will be digitally re-signed are as follows:
Orion Platform Products, which include:- Orion Platform and SDK, Enterprise Operations Console (EOC)
- Networking: Network Performance Monitor (NPM), Network Configuration Manager (NCM), NetFlow Traffic Analyzer (NTA), Network Automation Manager (NAM), Application Centric Monitor (ACM), Network Operations Manager (NOM), IP Address Manager (IPAM), User Device Tracker (UDT), VoIP & Network Quality Manager (VNQM)
- Systems: Server & Application Monitor (SAM), Virtualization Manager (VMAN), Server Configuration Monitor (SCM), Storage Resource Monitor (SRM), Web Performance Monitor (WPM), Log Analyzer (LA)
- Database: Database Performance Analyzer Integration Module (DPAIM)
|
Orion Platform Version |
Recommended Action |
KB Article |
|
2020.2.4 |
No action needed |
|
|
2020.2.1 HF 2 2020.2.1 2020.2 HF 1 2020.2 |
Upgrade to 2020.2.4 |
|
|
2019.4.2 |
No action needed |
|
|
2019.4 HF 6 2019.4 HF 5 2019.4 HF 4 |
Upgrade to 2020.2.4 OR Upgrade to 2019.4.2 |
NOTE: If you're currently running a version of the Orion Platform not listed in the above table, your Orion Platform software is NOT impacted by the certification revocation, and you do not need to take action on those products.
Non-Orion Platform Products
|
Portfolio |
Product Name |
Affected Versions |
KB Articles |
|
Database |
Database Performance Analyzer (DPA) |
2019.4.1 SR 1 2020.2 2020.2 HF 2 2020.2.1 SR 1 2020.4 RC 1 2020.4 RC 2 2020.4 RC 3
|
|
|
Security |
Security Event Manager (SEM) |
2019.4.1 2020.2 2020.2.1 2020.4
|
|
|
Access Rights Manager (ARM) |
2020.2 2020.2.1 2020.2.2 2020.2.3
|
|
|
|
Patch Manager |
2020.2 2020.2.1
|
|
|
|
Application Performance Management |
Pingdom Recorder users | 2020.2.0.6002
2020.2.1.6402 2020.2.2.6824 |
|
|
Paid Tools |
Kiwi CatTools |
3.11.6 |
|
|
Kiwi Syslog Server |
9.7.1 9.7 |
|
|
| Dameware Remote Support Dameware Mini Remote Control |
12.1.1 | ||
|
Serv-U |
15.1.7 HF 5 15.2 15.2.1
|
|
|
|
ipMonitor |
11.1.0 |
|
|
| Engineer’s Toolset | 2020.2
2020.2.1 2020.2.2 |
ETS KB Article |
|
|
Mobile Admin |
8.2.2 8.2.3
|
|
Free Tools
For Free Tools, you will need to re-register to get the new software. Because an upgrade path for our Free tools is not available, we recommend you uninstall your current version before re-installing the latest build.
|
Free Tool |
Affected Version |
Latest Download |
|
Active Directory Admin Bundle |
20.3.0.21 |
|
|
Active Directory Permissions Analyzer |
20.3.0.49 |
|
|
Cost Calculator for Azure |
2020.4.0.692 |
|
|
Exchange Monitor |
2020.4.0.900 |
|
|
Port Scanner |
2020.4.0.565 |
|
|
Realtime Bandwidth Monitor |
2020.3.0.211 |
|
|
Response Time Viewer |
2020.3.0.64 |
|
| SFTP/SCP Server | 20.3.0.64 | Link |
| SNMP Enabler for Windows | 2020.3.0.64 | Link |
| TFTP Server | 11.0.5.162 | Link |
| WSUS Diagnostic Tool | 20.3.0.21 | Link |
QUESTION 4
Recent as of 1/20/2021
The deadline to update my software is March 8, 2021. Can I update early?
Yes, we recommend you update or reinstall as soon as possible. Updated software for licensed products, along with documentation and instructions for each product, is available in your Customer Portal at .
QUESTION 5
Recent as of 1/13/2021
What will happen on March 8, 2021 once the affected digital code-signing certificate is revoked?
Where affected SolarWinds software has been deployed, you may not see any immediate impact from the revocation of the digital code-signing certificate. However, we do expect the following scenarios could introduce an operational interruption:
- If you try to perform a fresh install of software signed with a revoked digital code-signing certificate: Your operating system will not allow you to install a fresh version of the software signed with the revoked certificate. Part of the installation process is a check to the Certificate Revocation List (CRL). That check will fail, as the certificate has been revoked, and the operating system will prevent installation.
- If you have an affected version already installed: If you try to install a component or add-on, the installation will be blocked by the same process as above.
- If you’re running a highly secure environment: Depending on which security controls have been implemented in your IT environment, affected SolarWinds products may cease operation once the code-signing certificate is revoked.
- Systems protected by antivirus and endpoint protection software: Based on the policy of your security software, and on how that security software acts with software signed with a revoked code-signing certificate, affected SolarWinds products may experience interruption sooner than the above-described scenarios.
QUESTION 6
Recent as of 2/22/2021
How can I find out what product version I’m running?
If you aren’t sure which version of the products you’re using, you can see directions on how to check that . To check which hotfix updates you’ve applied, please go .
For other products, will provide instructions for finding the version number of SolarWinds products that do not run on the Orion Platform.
QUESTION 7
Recent as of 1/13/2021
Should I manually revoke the digital code-signing certificate if it’s found on my system before March 8, 2021?
QUESTION 8
Recent as of 1/13/2021
Can I just replace the revoked digital code-signing certificate with the new one and keep my software running?
QUESTION 9
Recent as of 1/13/2021
I’m getting alerts from my antivirus and/or endpoint protection software that affected SolarWinds software has a low reputation score, or that it’s untrusted. What does that mean?
QUESTION 10
Recent as of 1/13/2021
Why do I need to reinstall or update software that wasn’t a part of the SUNBURST incident?
QUESTION 11
Recent as of 1/13/2021
What about SolarWinds software either fully certified or in the process of being certified against Common Criteria?
The only Common Criteria distribution affected by the revocation of the digital code-signing certificate is SolarWinds Access Rights Manager (ARM) 2020.2.1, which is under evaluation by the Singapore Common Criteria Scheme. ARM 2020.2.1 will be updated to 2020.2.4, which will be signed by a new digital code-signing certificate.
QUESTION 12
Recent as of 1/13/2021
What if I’m out of maintenance?