Monday, October 7, 2024

Microsoft Issues Emergency Patch as Chinese Hackers Exploiting Exchange Server Flaws


The Microsoft Security Response Center yesterday released several security updates for Microsoft Exchange Server. The updates address vulnerabilities that have been used in a small number of targeted attacks.

Nature of vulnerabilities

The vulnerabilities are considered critical, and Microsoft urges customers to update affected systems without delay to protect against these attacks and to prevent further abuse of their systems.

Microsoft states that these vulnerabilities affect only Microsoft Exchange Server and do not affect Exchange Online.


Vulnerabilities

Affected versions

  • Microsoft Exchange Server 2013  
  • Microsoft Exchange Server 2016  
  • Microsoft Exchange Server 2019 

Microsoft Exchange Server 2010 is also being updated for defense-in-depth purposes.

HAFNIUM Targeting Exchange Servers

“Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed the installation of additional malware to facilitate long-term access to victim environments.”

Attack chain and mitigations

The vulnerabilities were used as part of an attack chain. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against either by restricting untrusted connections or by setting up a VPN to separate the Exchange server from external access.

This mitigation protects only against the initial portion of the attack. Other portions of the chain can still be triggered if an attacker already has access or can convince an administrator to run a malicious file.
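To check that a restriction on port 443 is actually in effect, the following added example (not from Microsoft or from the original article) scans IIS W3C logs from the Exchange server for requests that arrived on port 443 from clients outside an allowlist. The trusted networks, the log sample and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: networks allowed to reach Exchange on 443 (internal LAN and VPN pool).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Constructed IIS W3C log sample; client addresses are private or documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2021-03-03 09:14:02 10.1.1.20 GET /owa/ 443 10.4.7.15 200
2021-03-03 09:14:40 10.1.1.20 POST /ecp/ 443 203.0.113.77 401
2021-03-03 09:15:11 10.1.1.20 GET /owa/ 443 192.168.50.9 200
2021-03-03 09:15:30 10.1.1.20 GET /owa/ 443 203.0.113.77 302
2021-03-03 09:16:05 10.1.1.20 GET /owa/ 80 198.51.100.4 301
2021-03-03 09:16:44 10.1.1.20 GET /owa/ 443 198.51.100.4 200
"""

def is_trusted(addr):
    """True if addr falls inside any allowlisted network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)

def untrusted_443_clients(log_text):
    """Count requests per client IP that reached port 443 from outside TRUSTED_NETS."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("s-port") != "443":
            continue
        try:
            if not is_trusted(row["c-ip"]):
                hits[row["c-ip"]] += 1
        except (KeyError, ValueError):
            continue  # malformed row or missing client IP column
    return hits

if __name__ == "__main__":
    for ip, n in untrusted_443_clients(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} request(s) on 443 from outside trusted networks")
```

Any address this reports means the restriction is not blocking that source; an empty result on real logs is consistent with the restriction working but says nothing about the later stages of the chain.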

Microsoft has asked its users to prioritize updating external-facing Exchange Servers and then moving on to update others.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
