Microsoft patches 100 security flaws acs.org.au - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from acs.org.au Daily Mail and Mail on Sunday newspapers.
Feds Discover Additional Microsoft Exchange Vulnerabilities
The U.S. National Security Agency discovered and notified Microsoft of two Exchange Server vulnerabilities that could allow hackers to persistently access and control enterprise networks. By Michael Novinson April 13, 2021, 06:07 PM EDT
The U.S. National Security Agency discovered and notified Microsoft of two Exchange Server vulnerabilities that could allow hackers to persistently access and control enterprise networks.
The latest flaws impact on-premises Microsoft Exchange Servers 2013, 2016, and 2019, and could be exploited by adversaries to gain access and maintain persistence on the target host, according to the Cybersecurity and Infrastructure Security Agency. These flaws are likely to be weaponized, and CISA said there’s high potential they could compromise the integrity and confidentiality of agency information.
The U.S. National Security Agency discovered and notified Microsoft of two Exchange Server vulnerabilities that could allow hackers to persistently access and control enterprise networks.
The latest flaws impact on-premises Microsoft Exchange Servers 2013, 2016, and 2019, and could be exploited by adversaries to gain access and maintain persistence on the target host, according to the Cybersecurity and Infrastructure Security Agency. These flaws are likely to be weaponised, and CISA said there’s high potential they could compromise the integrity and confidentiality of agency information.
“CISA has determined that these vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action,” the agency wrote in a supplemental directive issued Tuesday. Federal agencies with on-premises Microsoft Exchange servers are required to deploy Microsoft’s patches by 12:01 a.m. USET Friday or remove the servers from agency networks, CISA said.
FBI hacks compromised Exchange servers as more companies get targeted
SHARE
In a possibly unprecedented move, the U.S. Federal Bureau Investigation has obtained a court order to allow it to hack compromised Microsoft Corp. Exchange Servers to remove vulnerabilities as more stories of Exchange servers being targeted continue to emerge.
The court order allowed the FBI to copy and remove malicious web shells from hundreds of vulnerable computers that were compromised by so-called Hafnium attacks first revealed by Microsoft security researchers March 2. Hafnium was described at the time as Chinese state-sponsored hackers targeting a number of recently identified vulnerabilities for which patches had been issued.