Monday, April 15, 2024

Microsoft Issues Emergency Patch as Chinese Hackers Exploiting Exchange Server Flaws

The Microsoft Security Response Center yesterday released several security updates for Microsoft Exchange Server. These updates were targeted at addressing vulnerabilities that have been used in a few focused and targeted attacks.

Nature of vulnerabilities

The vulnerabilities have been deemed to be very critical in nature and Microsoft urges and advises its customers to update the affected systems without further delay to protect themselves against these attacks and to prevent further abuse of their systems.

Microsoft states that these vulnerabilities have affected only Microsoft Exchange Server and have not affected Exchange Online.


Affected versions

  • Microsoft Exchange Server 2013  
  • Microsoft Exchange Server 2016  
  • Microsoft Exchange Server 2019 

Defense in Depth purpose updates is being carried out on Microsoft Exchange Server 2010.

HAFNIUM Targeting Exchange Servers

“Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed the installation of additional malware to facilitate long-term access to victim environments.”

Process and mitigating ways of vulnerabilities

The vulnerabilities were used as part of an attack chain. Initially, these attacks need to have the ability to make an untrusted connection to Exchange server port 443 which can be saved by either restricting the untrusted connections, or by setting up a VPN to separate the Exchange server from external access.

By using this proposed method of protection, one would only protect against the initial portion of the attack. But other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file.

Microsoft has asked its users to prioritize updating external-facing Exchange Servers and then moving on to update others.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.


Latest articles

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent...

Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks

A new remote code execution vulnerability has been identified to be affecting multiple Microsoft...

LightSpy Hackers Indian Apple Device Users to Steal Sensitive Data

The revival of the LightSpy malware campaign has been observed, focusing on Indian Apple...

LightSpy Malware Attacking Android and iOS Users

A new malware known as LightSpy has been targeting Android and iOS users.This sophisticated...

This Startup Aims To Simplify End-to-End Cybersecurity, So Anyone Can Do It

The Web3 movement is going from strength to strength with every day that passes....

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles