Mass exploitation of vulnerabilities in Microsoft Exchange email servers
A former Microsoft security staffer has warned that cybercriminals are exploiting vulnerabilities in Microsoft Exchange email servers en masse because organizations were not properly warned which systems to patch.

Many organizations appear not to have patched, which has led to mass exploitation of the vulnerabilities, warned Kevin Beaumont, who posted about the issues on his DoublePulsar blog. Hundreds of U.S. government systems are exposed, he added, while the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Saturday.

“They are preauthenticated (no password required) remote code execution vulnerabilities, which is as serious as they come,” he wrote. “Microsoft knew this would blow up in an international incident for customers. I know this because I worked there and told people.” He noted that while Microsoft issued fixes five months ago, it hadn’t given the vulnerabilities standard identifying numbers to make it easier for users to determine what needed patching. “It created a situation where Microsoft’s customers were misinformed about the severity of one of the most critical enterprise security bugs of the year,” Beaumont added. (Microsoft hadn’t responded to a request for comment on Beaumont’s allegations at the time of publication.)

Among the hackers taking advantage of that is the ransomware group known as LockFile, which has been seen taking advantage of the flaws first patched by Microsoft in March. LockFile has been linked to ransomware attacks on victims in various industries—including manufacturing, financial services, engineering and tourism—around the globe, mostly in the U.S. and Asia, according to security company Symantec. It was first seen on the network of a U.S. financial organization on July 20, it wrote in a company blog post.

The origins of the attacks can be traced back to weaknesses uncovered during a hacking contest earlier this year and detailed in full last week by Orange Tsai. He found three weaknesses in Microsoft Exchange (the on-premises version, not Office 365), which, when combined, could be used to remotely take control of an email server.

Beaumont has now released a tool to help identify unpatched systems. It’s already been put to use by the national Computer Emergency Response Team in Austria to scan for vulnerable servers.

CISA said it “strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.”

Governments and private organizations across the world rely on Microsoft Exchange to run their day-to-day email, but this year it’s come under repeated attack with devastating, large-scale hacks.



https://www.forbes.com/sites/thomasbrews...criminals/