Web Help Desk software has been reported to be vulnerable, and SolarWinds has released a critical patch to fix this problem. The error was given a classification number, CVE-2024-28986 and using the CVSS scoring system was given a total of 9. 8. It could potentially allow attackers to execute any code on the systems which these plugins had compromised. The risk that became a Java deserialization remote code execution (RCE) issue allows hackers to enter the system and potentially steal confidential information. Although SolarWinds has claimed that it could replicate the defect only when it conducts a login, the company advises all Web Help Desk consumers to install the fix.
To address this risk, SolarWinds has made a hotfix to Web Help Desk version 12 available to its clients. 8. 3. Users should update to this version and then install the hotfix to get full protection, the company says. A lot of information on how to apply the patch is available on the SolarWinds customer portal.
This incident highlights the need to update the software and install security patches when required. Hackers are always ready to take opportunities to attack organizations. Customers of SolarWinds are encouraged to seek this patch and ensure it is deployed to protect their systems from the attacks.
However, organizations should consider enhancing security by continuing to monitor the network and doing things such as network segregation, enforcing password compliance, conducting awareness programs for employees, and performing frequent backups, among other things. It will, therefore, be necessary for organizations to practice good patch management in conjunction with other sound security best practices in the system to lower the likelihood of being worked on by hackers.
