Now Hackers Are Attacking Exchange Server Vulnerabilities

March 30, 2021

Written by wukovits

In early January of this year (2021), Microsoft informed security expert Brian Krebs that the company found four zero-day security flaws in their Exchange Server. Those flaws were actively being exploited by a persistent threat group known as Halfnium, sponsored by the Chinese government.

According to Microsoft’s statistics, more than 30,000 Exchange Servers had already been impacted, with some industry experts putting that number closer to 60,000.

Halfnium was the first group to begin exploiting these security flaws. However, there is a growing body of evidence that the most recent attacks are coming from groups other than Halfnium, which means that word has gotten out.

If there’s a silver lining to be found in this news, it lies in the fact that Microsoft moved quickly and issued a patch to address all four of the security issues. Unfortunately, the speed at which new security patches varies wildly from one organization to the next, and at present there are millions of Exchange servers around the world still vulnerable to these attacks.

If you use Exchange Server, you owe it to yourself to make sure you’ve got the latest security patch installed.

For your reference, the four flaws addressed by the patch are as follows:

  • CVE-2021-26855: CVSS 9.1: A Server Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests being sent by unauthenticated attackers. Servers need to be able to accept untrusted connections over port 443 for the bug to be triggered.
  • CVE-2021-26857: CVSS 7.8: An insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code deployment under SYSTEM. Note that this vulnerability needs to be combined with another or stolen credentials must be used.
  • CVE-2021-26858: CVSS 7.8: and CVE-2021-27065: CVSS 7.8: A post-authentication arbitrary file write vulnerability to write to paths.

This is a serious issue that could have catastrophic ripple effects. Again, if you use Exchange Server, check your patch status right away.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.