We are receiving reports of customers with compromised MS Exchange servers.
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Latest news indicates that “cyber espionage operations using the SSRF vulnerability CVE-2021-26855 started occurring on January 3, 2021” (https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).
On March 2, Microsoft released updates for Exchange Server and reported “multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.” (https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/)
Due to the severity of the attacks, Microsoft recommends that administrators "install these updates immediately" to protect Exchange servers from these attacks.
Microsoft provides a set of tools for checking and repairing Exchange servers that have fallen victim to these exploits:
https://github.com/microsoft/CSS-Exchange/tree/main/Security
In addition, it appears that a botnet is using these exploits to mine cryptocurrency on MS Exchange servers:
https://securityboulevard.com/2021/04/monero-cryptominer-attack-exploits-exchange-server-flaw/
We recommend that all MS Exchange administrators check their servers for these exploits and install all necessary patches.