Microsoft Exchange Server hack

Four zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited by a state-sponsored threat group from China and appear to have been adopted by other cyberattackers in widespread attacks.

While in no way believed to be connected to the SolarWinds supply chain attack that has impacted an estimated 18,000 organizations worldwide — so far — there is concern that lags in patching vulnerable servers could have a similar impact, or worse, on businesses.

WHAT HAPPENED?

Microsoft told security expert Brian Krebs that the company was made aware of four zero-day bugs in “early” January.

A DEVCORE researcher, credited with finding two of the security issues, appears to have reported them around January 5. Going under the handle “Orange Tsai,” the researcher tweeted:

“Just report a pre-auth RCE chain to the vendor. This might be the most serious RCE I have ever reported.”

According to Volexity, attacks using the four zero-days may have started as early as January 6, 2021. Dubex reported suspicious activity on Microsoft Exchange servers in the same month.

By Charlie Osborne

March 9, 2021

Click to read the entire article on ZDNet

More Posts

November 18 through 21, 2024

I will be away from my desk in the late morning every day this week due to appointments. Otherwise I will be continuing to work