SolarWinds Releases Updates to Address Vulnerability Related to SUPERNOVA Malware

AUSTIN, Texas--(BUSINESS WIRE)-- SolarWinds (NYSE:SWI), a leading provider of powerful and

affordable IT management software, today announced it released updates in response to the
SUPERNOVA malware for all supported versions of SolarWinds ® Orion® Platform products and a fix
for customers on unsupported versions of these products.

Third parties and the media have publicly reported on a malware, now referred to as SUPERNOVA.
Based on SolarWinds’ investigation, this malware could be deployed through an exploitation of a
vulnerability in the Orion Platform. Like other software companies, SolarWinds seeks to responsibly
disclose vulnerabilities in its products to customers, while also mitigating the risk that bad actors
seek to exploit those vulnerabilities, by releasing updates to their products before the company
discloses the vulnerabilities.

SolarWinds provided two hotfix updates on December 14 and 15, 2020, that contained security
enhancements, including those designed to prevent certain versions of the Orion Platform products
from being exploited in a SUPERNOVA attack.

The company also released similar updates for all other supported versions of the Orion Platform
products and a fix for customers on unsupported versions of these products.

SolarWinds recommends that all active maintenance customers of Orion Platform products, except
those customers already on Orion Platform versions 2019.4 HF6 or 2020.2.1 HF2, apply the latest
updates related to the version of the product they have deployed, as soon as possible. Customers
can visit the SolarWinds Security Advisory page for instructions for and access to these updates.

These updates include versions:

 2019.4 HF 6 (released on Dec 14, 2020)

 2020.2.1 HF 2 (released on Dec 15, 2020)
 2019.2 Security Patch (released on Dec 23, 2020)
 2018.4 Security Patch (released on Dec 23, 2020)
 2018.2 Security Patch (released on Dec 23, 2020)

If customers are unable to upgrade at this time, or are running a version prior to 2018.2, SolarWinds
is providing a script that customers can quickly install to help protect their environment. The script is
available on the Security Advisory page.

SolarWinds encourages customers to refer to the security best practices that are available on the
SolarWinds Security Advisory page at www.solarwinds.com/securityadvisory and FAQ
at www.solarwinds.com/securityadvisory/faq.

SolarWinds’ focus has been on helping customers protect the security of their environments. The
company’s commitment to customers remains high, and they are introducing a new program
designed to address the issues that customers face.

SolarWinds has developed a program to provide professional consulting resources experienced with
the Orion Platform and products to assist customers who need guidance on or support upgrading to
the latest hotfix updates. These consulting services will be provided at no charge to active
maintenance Orion Platform product customers. The company wants to make sure that customers
working to secure their environments have the help and assistance they need from knowledgeable
resources.
The company intends to provide more information and details regarding this program next week on
the Security Advisory page.

The company continues to work with leading security experts in our investigations to help further
secure our products and internal systems.

Resources

 Security Advisory: solarwinds.com/securityadvisory
 FAQ: solarwinds.com/securityadvisory/faq

#SWIcorporate

Forward-Looking Statements

This press release contains “forward-looking” statements, which are subject to the safe harbor
provisions of the Private Securities Litigation Reform Act of 1995, including statements regarding
SolarWinds’ understanding of the vulnerability in its Orion Platform products related to the
SUPERNOVA malware, the ability of any version or hotfix updates and the script to prevent a
SUPERNOVA attack, what customers should do to prevent a SUPERNOVA attack and the ability of our
professional services program to provide the help and assistance they need. The forward-looking
statements in this press release are based on management's beliefs and assumptions and on
information currently available to management, which may change as we continue to address the
vulnerability in our products, investigate the SUNBURST vulnerability and related matters and as new
or different information is discovered about these matters or generally. Forward-looking statements
include all statements that are not historical facts and may be identified by terms such as “aim,”
“anticipate,” “believe,” “can,” “could,” “seek,” “should,” “feel,” “expect,” “will,” “would,” “plan,”
“intend,” “estimate,” “continue,” “may,” or similar expressions and the negatives of those terms.
Forward-looking statements involve known and unknown risks, uncertainties and other factors that
may cause actual results, performance or achievements to be materially different from any future
results, performance or achievements expressed or implied by the forward-looking statements.
Factors that could cause or contribute to such differences include, but are not limited to, (a) the
discovery of new or different information regarding the SUPERNOVA malware, the SUNBURST
vulnerability and related security incidents or of additional vulnerabilities within, or attacks on,
SolarWinds’ products, services and systems, (b) the possibility that SolarWinds’ mitigation and
remediation efforts with respect to the SUPERNOVA malware or the SUNBURST vulnerability and
related security incidents may not be successful, (c) the possibility that customer, personnel or other
data was exfiltrated as a result of the SUPERNOVA malware or the SUNBURST vulnerability and
related security incidents, (d) numerous financial, legal, reputational and other risks to SolarWinds
related to the SUPERNOVA malware or the SUNBURST vulnerability and related security incidents,
including risks that the incidents may result in the loss, compromise or corruption of data, loss of
business, severe reputational damage adversely affecting customer or vendor relationships and
investor confidence, U.S. or foreign regulatory investigations and enforcement actions, litigation,
indemnity obligations, damages for contractual breach, penalties for violation of applicable laws or
regulations, significant costs for remediation and the incurrence of other liabilities, (e) risks that
SolarWinds’ insurance coverage, including coverage relating to certain security and privacy damages
and claim expenses, may not be available or sufficient to compensate for all liabilities SolarWinds
incurs related to these matters and (f) such other risks and uncertainties described more fully in
documents filed with or furnished to the U.S. Securities and Exchange Commission by SolarWinds,
including the risk factors discussed in SolarWinds’ Annual Report on Form 10-K for the period ended
December 31, 2019, filed on February 24, 2020, its Quarterly Report on Form 10-Q for the quarter
ended March 31, 2020, filed on May 8, 2020, its Quarterly Report on Form 10-Q for the quarter
ended June 30, 2020, filed on August 10, 2020 and its Quarterly Report on Form 10-Q for the quarter
ended September 30, 2020, filed on November 5, 2020. All information provided in this Blog Post is
as of the date hereof and SolarWinds undertakes no duty to update this information except as
required by law.

About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of powerful and affordable IT management software.

Our products give organizations worldwide—regardless of type, size, or complexity—the power to
monitor and manage their IT services, infrastructures, and applications; whether on-premises, in the
cloud, or via hybrid models. We continuously engage with technology professionals—IT service and
operations professionals, DevOps professionals, and managed services providers (MSPs)—to
understand the challenges they face in maintaining high-performing and highly available IT
infrastructures and applications. The insights we gain from them, in places like
our THWACK community, allow us to solve well-understood IT management challenges in the ways
technology professionals want them solved. Our focus on the user and commitment to excellence in
end-to-end hybrid IT management has established SolarWinds as a worldwide leader in solutions for
network and IT service management, application performance, and managed services. Learn more
today at www.solarwinds.com.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of
SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office,
and may be registered or pending registration in other countries. All other SolarWinds trademarks,
service marks, and logos may be common law marks or are registered or pending registration. All
other trademarks mentioned herein are used for identification purposes only and are trademarks of
(and may be registered trademarks of) their respective companies.