Exchange Exploitation: Not Dead Yet
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover. March Madness is a jovial nickname for the third month of the year but in 2021, the cybersecurity industry felt the brunt of March madness for a reason other than basketball: mass exploitation of Microsoft Exchange Servers. Almost two months later, we re still living in the aftermath of this widespread incident.
Related Content:
On March 1, Huntress learned about new vulnerabilities that would offer an unauthorized actor full control of a Microsoft Exchange server. These vulnerabilities were not yet disclosed, but enterprise organizations and small- to medium-sized businesses were already being exploited. On March 2, Microsoft released its first security advisory, warning companies about these dangerous vulnerabilities. Unfortunately, it seemed Microsoft s initial announcement mi
Office 365 shop? You may be exposed too. Here’s why – according to Sophos
David Gordon Tue 27 Apr 2021 // 07:00 UTC Share
Copy
Promo If you’re running Microsoft Exchange anywhere in your organisation and you’re not extremely concerned about the threat from Hafnium, you haven’t been paying attention this year.
Admittedly there’s a lot to pay attention to. The Hafnium name refers to both the allegedly Chinese government-linked group which has emerged as the main driver behind a wave of attacks aimed at exploiting zero day vulnerabilities in multiple versions of Exchange, as well as the exploits and malware they are using to gain free rein over your systems.
WASHINGTON: Microsoft urgently updated its free Exchange server Indicators of Compromise tool and released emergency alternative mitigation measures overnight as the extent of damage globally from four recently disclosed zero-day vulnerabilities becomes clearer.
The IoC tool can be used to scan Exchange server log files to determine whether or not they are compromised. The emergency alternative mitigations, which are only partial and not considered the best fix, can be taken temporarily by organizations unable to immediately patch the four Exchange vulnerabilities that are being actively exploited in the wild. The severity of the vulnerabilities, as well as the widespread use of Exchange servers globally, prompted Microsoft to release out-of-band patches on Mar. 2.