CyberSecurityBoard
Sponsor Register Login

SolarWinds releases third patch to fix Web Help Desk RCE bug

SolarWinds has issued its third security patch to address a critical remote code execution (RCE) vulnerability in its Web Help Desk software. This vulnerability, identified as CVE-2023-35078, allows attackers to execute arbitrary code on affected systems, posing significant risks to organizations using this popular IT service management tool. The Web Help Desk RCE flaw was initially discovered and reported by security researchers, prompting SolarWinds to release multiple patches to mitigate the threat. Despite previous updates, the persistence of the vulnerability necessitated a third patch to ensure comprehensive protection. This latest update underscores the importance of timely patch management and vigilance in cybersecurity practices. Organizations are strongly advised to apply the patch immediately to prevent exploitation by threat actors who could leverage this vulnerability to gain unauthorized access, disrupt services, or deploy malware. SolarWinds continues to monitor the situation and collaborate with cybersecurity experts to enhance the security posture of its products. This incident highlights the ongoing challenges in securing complex software environments and the critical role of proactive vulnerability management in safeguarding digital infrastructure.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 23 Sep 2025 13:45:18 +0000


Cyber News related to SolarWinds releases third patch to fix Web Help Desk RCE bug

8 Strategies for Defending Against Help Desk Attacks - COMMENTARY. Defensive security techniques often lag offensive attack tactics, opening companies to heightened risk from rapidly evolving threats. An alarming case in point is the help desk, one of today's most exposed organizational Achilles' heels. ...
1 year ago Darkreading.com
15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
8 months ago Cybersecuritynews.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com
Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack | The Record from Recorded Future News - Cleaning product giant Clorox has filed a lawsuit against Cognizant, a company it hired to operate its IT services call-in help desk, accusing the contractor of being directly responsible for a 2023 cyberattack that cost hundreds of millions. In ...
3 months ago Therecord.media
SolarWinds releases third patch to fix Web Help Desk RCE bug - SolarWinds has issued its third security patch to address a critical remote code execution (RCE) vulnerability in its Web Help Desk software. This vulnerability, identified as CVE-2023-35078, allows attackers to execute arbitrary code on affected ...
1 month ago Bleepingcomputer.com CVE-2023-35078
Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 - COMMENTARY. In December 2020, the SolarWinds attack sent shockwaves around the world. Attackers gained unauthorized access to SolarWinds' software development environment, injected malicious code into Orion platform updates, and created a backdoor ...
1 year ago Darkreading.com
SolarWinds Files Motion to Dismiss SEC Lawsuit - In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information ...
1 year ago Darkreading.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
SolarWinds Web Help Desk Vulnerability Exposes Critical Security Risks - SolarWinds Web Help Desk, a widely used IT service management tool, has been found to contain a critical vulnerability that could allow attackers to gain unauthorized access to sensitive systems. This security flaw, identified as CVE-2023-35078, ...
1 month ago Cybersecuritynews.com CVE-2023-35078
Critical RCE flaws found in SolarWinds access audit solution - Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to ...
1 year ago Bleepingcomputer.com
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
2 years ago Hackread.com
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
7 months ago Cybersecuritynews.com
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
1 year ago Heimdalsecurity.com
Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
1 year ago Packetstormsecurity.com CVE-2023-42793
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast - Veeam fixes RCE flaw in backup management platformVeeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch. May 2024 Patch Tuesday forecast: A reminder of recent threats and ...
1 year ago Helpnetsecurity.com CVE-2024-3661
Securing helpdesks from hackers: What we can learn from the MGM breach - In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to security, particularly when it comes to verifying the identity of employees contacting the helpdesk. In this article, we'll explore how ...
1 year ago Bleepingcomputer.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
RCE vulnerabilities fixed in SolarWinds enterprise solutions - SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. The company whose Orion IT administration platform has been infamously compromised ...
1 year ago Helpnetsecurity.com CVE-2024-23476 CVE-2024-23479 CVE-2024-23477 CVE-2023-40057 CVE-2024-23478 CVE-2023-50395 CVE-2023-35188
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
2 years ago Hackread.com Hunters
How to conduct security patch validation and verification - Validation and verification are important steps in the security patch management lifecycle. They help to determine the impact of a patch on the security and efficiency of an organization's IT assets. Patch validation is the process of examining newly ...
1 year ago Techtarget.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
1 year ago Techtarget.com
Getting a Remote Desktop Freeze? Microsoft Fixes Windows 11 Issue - Microsoft has released a patch to fix the Remote Desktop freeze bug in Windows 11. This bug caused computers to freeze after some users tried to connect using the Remote Desktop protocol. Microsoft's technical support team has been working on the ...
2 years ago Bleepingcomputer.com
CVE-2024-51670 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Stored XSS.This issue affects JS Help Desk – Best Help Desk & Support ...
1 year ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)