The Microsoft Security Response Center yesterday released several security updates for Microsoft Exchange Server. These updates were targeted at addressing vulnerabilities that have been used in a few focused and targeted attacks.
The vulnerabilities have been deemed to be very critical in nature and Microsoft urges and advises its customers to update the affected systems without further delay to protect themselves against these attacks and to prevent further abuse of their systems.
Microsoft states that these vulnerabilities have affected only Microsoft Exchange Server and have not affected Exchange Online.
Defense in Depth purpose updates is being carried out on Microsoft Exchange Server 2010.
“Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed the installation of additional malware to facilitate long-term access to victim environments.”
The vulnerabilities were used as part of an attack chain. Initially, these attacks need to have the ability to make an untrusted connection to Exchange server port 443 which can be saved by either restricting the untrusted connections, or by setting up a VPN to separate the Exchange server from external access.
By using this proposed method of protection, one would only protect against the initial portion of the attack. But other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file.
Microsoft has asked its users to prioritize updating external-facing Exchange Servers and then moving on to update others.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.
The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing approximately USD 42 million in ransom payments.…
A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale on a notorious hacker forum. This…
Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400. This zero-day flaw, found…
IT employees in the automotive industry are often targeted by hackers because they have access to sensitive information such as…
As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS, APT44) cyber threat group remains highly…
A new banker, SoumniBot, has recently been identified. It targets Korean users and is incredible by using an unusual method…