2 comments

[ 4.7 ms ] story [ 17.2 ms ] thread
I removed the word "important" from the title to fit under the character limit.
The actual steps are described there: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance...

1. Run up to date antivirus or EDR products that detect compromised SolarWinds libraries [...]

2. Block known C2 endpoints listed below in IOCs using your network infrastructure.[...]

3. Follow the best practices of your identity federation technology provider in securing your SAML token signing keys. [...]

4. Ensure that user accounts with administrative rights follow best practices, including use of privileged access workstations, JIT/JEA, and strong authentication. [...]

5. Ensure that service accounts and service principals with administrative rights use high entropy secrets, like certificates, stored securely.[...]

6. Reduce surface area by removing/disabling unused or unnecessary applications and service principals.[...]