The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020.
CISA’s Supplemental Guidance to Emergency Directive 21-01 demands this from all agencies using Orion versions unaffected in the SolarWinds supply chain attack.
“We issued V2 supplemental guidance to Emergency Directive 21-01,” CISA tweeted. “Agencies using non-affected versions must update to the new version.”
Source: Bleeping Computer