Microsoft has announced that Microsoft Defender will begin quarantining compromised SolarWinds Orion binaries starting tomorrow morning. Russian nation-state hackers breached SolarWinds, a network management software developer, and added malicious code to its Orion Platform. The malicious binaries were then distributed via SolarWinds' auto-update mechanism to approximately 18,000 customers, including numerous US government agencies. Microsoft Defender already detects the backdoor, but Microsoft has not yet quarantined the binaries because doing so could affect essential network management operations used by customers. Microsoft has created GPO policies that can be used to alter Microsoft Defender's behavior.
Source: https://www.bleepingcomputer.com/news/security/microsoft-to-quarantine-compromised-solarwinds-binaries-tomorrow/

