iTWire Wednesday, 17 March 2021 11:30 Microsoft offers mitigation for Exchange attack, silent on alleged code leak Featured Pixabay
Microsoft has offered users of Exchange Server a means of mitigating the so-called ProxyLogon attack, a one-click tool that it says has been tested across the 2013, 2016 and 2019 versions of Exchange Server.
But the company said the tool was not totally fool-proof.
The company has not said anything about reports emerging last Friday that exploit code for attacking mail servers had been leaked by Microsoft s security partners.
The Wall Street Journal
cited people familiar with the matter as making the claim. A wave of attacks used code similar to that which Microsoft provided to anti-virus companies on 23 February, the report claimed.
By Juha Saarinen on Mar 16, 2021 12:27PM
Halts first part of exploit chain.
Microsoft has released a PowerShell script to help customers running its Exchange Server on-premises software to quickly and easily mitigate against an attack chain of vulnerabilities that is under heavy exploitation currently.
The Exchange On-Premises Mitigation Tool or EOMT is recommended over Microsoft s earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.
This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.
Microsoft has released an interim mitigation tool designed to help smaller organizations take quick action to prevent attacks that exploit the unpatched ProxyLogon
BankInfoSecurity
May 5, 2021 Twitter Get Permission
It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft s patches. But there are strong signs that exploit code leaked, and the question now is: Who leaked it?
A Taiwanese computer security researcher indicated on Friday that exploit code he developed and privately shared with Microsoft in early January ended up in hostile hands.
It s an unsatisfactory prospect that how the Exchange exploit leak occurred may never be solved. But it may direct questions back to Microsoft as to whether the MAPP is still worth it.
By Ionut Arghire on March 12, 2021
In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators.
A total of four critical zero-day vulnerabilities that are collectively referred to as ProxyLogon were patched in Exchange Server at the beginning of this month, and activity surrounding the bugs has only intensified since.
This week, ESET revealed that it has identified at least 10 threat actors that are attempting to exploit these vulnerabilities in their attacks, including Calypso, LuckyMouse (also tracked as APT27), Mikroceen, ShadowPad, Tick (also known as Bronze Butler), Tonto Team (CactusPete), Websiic, Winnti Group (BARIUM, APT41), and DLTMiner.