Blog

Now Hackers Are Attacking Exchange Server Vulnerabilities

Mar 30, 2021 | Blog

In early January of this year (2021), Microsoft informed security expert Brian Krebs that the company found four zero-day security flaws in their Exchange Server. Those flaws were actively being exploited by a persistent threat group known as Halfnium, sponsored by the Chinese government.

According to Microsoft’s statistics, more than 30,000 Exchange Servers had already been impacted, with some industry experts putting that number closer to 60,000.

Halfnium was the first group to begin exploiting these security flaws. However, there is a growing body of evidence that the most recent attacks are coming from groups other than Halfnium, which means that word has gotten out.

If there’s a silver lining to be found in this news, it lies in the fact that Microsoft moved quickly and issued a patch to address all four of the security issues. Unfortunately, the speed at which new security patches varies wildly from one organization to the next, and at present there are millions of Exchange servers around the world still vulnerable to these attacks.

If you use Exchange Server, you owe it to yourself to make sure you’ve got the latest security patch installed.

For your reference, the four flaws addressed by the patch are as follows:

  • CVE-2021-26855: CVSS 9.1: A Server Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests being sent by unauthenticated attackers. Servers need to be able to accept untrusted connections over port 443 for the bug to be triggered.
  • CVE-2021-26857: CVSS 7.8: An insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code deployment under SYSTEM. Note that this vulnerability needs to be combined with another or stolen credentials must be used.
  • CVE-2021-26858: CVSS 7.8: and CVE-2021-27065: CVSS 7.8: A post-authentication arbitrary file write vulnerability to write to paths.

This is a serious issue that could have catastrophic ripple effects. Again, if you use Exchange Server, check your patch status right away.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech