Close Menu
Compliance

Exposed Apps: The SolarWinds Wake-Up Call

Staff WriterBy No Comments3 Mins Read4 Views

Quick Takeaways

  1. Recent vulnerabilities in SolarWinds Web Help Desk (WHD) have made exposed instances prime targets for threat actors, highlighting significant risks related to applications on the public Internet.

  2. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-40551, a critical flaw, to its Known Exploited Vulnerabilities catalog, emphasizing the urgency of addressing these vulnerabilities.

  3. Attackers have employed living-off-the-land techniques, using legitimate administrative tools to move laterally within compromised networks, starting from Internet-exposed WHD instances.

  4. Security experts recommend immediate actions, such as securing WHD instances behind firewalls, updating to the latest version, and removing unauthorized remote access tools to mitigate risks effectively.

SolarWinds WHD Vulnerabilities Exposed

Recent attacks on SolarWinds Web Help Desk (WHD) have raised alarms about the dangers of publicly exposed applications. Threat actors have targeted WHD, an IT support and asset management platform used by various enterprises and government agencies. While multiple vendors have issued warnings, the specific vulnerabilities under attack remain unclear. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw, CVE-2025-40551, to its Known Exploited Vulnerabilities Catalog. This flaw was first reported by SolarWinds in January, alongside five other vulnerabilities. Microsoft has also noted multistage attacks against WHD instances, though it has not confirmed if the attacks exploited newer or older vulnerabilities.

Unfortunately, many organizations leave their WHD instances exposed to the public Internet. This oversight makes them easy targets for cyberattacks. Microsoft describes this pattern as common yet highly impactful, emphasizing that a single exposed application can lead to full network compromise. According to reports, attackers utilized legitimate administrative tools for lateral movement within the network, starting from the Internet-exposed WHD instances. Both Microsoft and Huntress urge organizations to secure these instances and reduce exposure to mitigate risks effectively.

Strategies for Mitigating Risks

Experts recommend that organizations place their WHD instances behind firewalls or VPNs to limit direct Internet exposure. Doing so can help prevent “spray and pray” attacks from opportunistic threat actors. Furthermore, companies should update their WHD instances to version 2026.1 or later and check for unauthorized remote access tools. Microsoft also advises evicting any remote monitoring tools and rotating credentials for WHD service.

As cyber threats evolve, organizations must stay vigilant. By adopting these strategies, they can significantly reduce their risk and safeguard their critical assets against potential breaches.

Expand Your Tech Knowledge

Dive deeper into the world of Cryptocurrency and its impact on global finance.

Explore past and present digital transformations on the Internet Archive.

CyberRisk-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.