
Several zero-day security flaws on Microsoft Exchange servers were discovered by the company, reported Threat Post. A state-sponsored attack, supposedly by China, exploited the flaws to spy on the United States.
Microsoft was able to identify the bugs, which were used against on-premises applications of the Exchange Server. Threat actors were able to gain unauthorized access to email accounts, which allowed them to steal significant amounts of data.
Moreover, the hackers were able to deploy malware on target systems, which can lead to long-term remote access. The tech giant described the attacks as “limited and targeted,” leading it to release patches last week.
The security flaws were labeled CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.
The source of the attack is thought to be threat actors operating out of China. The advanced persistent threat (APT) is known for attacking United States assets with cyber-espionage intent.
In the past, the group has targeted defense contractors, law firms, infectious disease researchers, policy think tanks, educational institutions, and non-governmental organizations.
Microsoft announced, “Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to Hafnium, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.”
Despite Microsoft’s actions to mitigate the effects of the vulnerabilities, researchers remain vigilant about activities involving the bugs.
A Huntress spokesperson told Threat Post, “The team is seeing organizations of all shapes and sizes affected, including electricity companies, local-/county governments, healthcare providers and banks/financial institutions, as well as small hotels, multiple senior citizen communities and other mid-market businesses.”
Regarding the bugs, a staff research engineer at Tenable told Threat Post, “The fact that Microsoft chose to patch these flaws out-of-band rather than include them as part of next week’s Patch Tuesday release leads us to believe the flaws are quite severe even if we don’t know the full scope of those attacks.”
This is not the first time that the Exchange server was compromised. According to ZDNet, the company also found a critical bug tagged CVE-2020-068 used by APTs.
The company explained, “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”
Source: https://www.myce.com/news/series-of-microsoft-exchange-zero-day-vulnerabilities-found-96095/