SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Summary

Microsoft has observed threat actors exploiting internet-exposed SolarWinds Web Help Desk (WHD) instances to gain initial access and move laterally within victim networks. The attacks are multi-stage intrusions targeting high-value assets. It is unclear whether recently disclosed vulnerabilities were weaponized.

IFF Assessment

FOE

Exploitation of SolarWinds Web Help Desk for initial access provides attackers with a foothold in victim networks.

Severity

9.8 Critical (AI Estimated)

Defender Context

This activity highlights the importance of patching and securing SolarWinds WHD instances. Defenders should monitor for suspicious activity originating from WHD servers and review network segmentation to limit lateral movement. Vulnerabilities in commonly used IT management software remain a popular target for attackers.
