Items tagged with microsoft exchange server
When it was found that Microsoft Exchange on-premises was vulnerable to hackers, quite a bit of havoc ensued across a wide range of industries. Since then, the FBI obtained a court order to go in and remove backdoors to hacked servers, but there are likely many hacked Exchange servers still out there. In recent days, researchers have noticed an uptick in DNS queries and new infrastructure and components associated with the Lemon Duck cryptocurrency mining botnet that targeted these vulnerable Exchange servers. In March, Microsoft first caught onto Lemon Duck “adopting different exploit styles and choosing to use a fileless/web shell-less option of direct PowerShell commands” for some...
Read more...
The never-ending parade of security vulnerabilities continues. Just as quickly as software vendors can tackle and resolve one set of exploitable issues -- i.e. the troubles at SolarWinds -- attackers find other vectors to break into networks and steal data. This time, it appears that tens of thousands of firms have been ransacked by Chinese cyberspies thanks to some gaping holes in Microsoft's Exchange e-mail and calendar server software. These problems have been ongoing for at least two months. On Tuesday, March 2, Microsoft pushed out emergency updates for Exchange Server versions 2013, 2016, and 2019. The company points to a previously unknown group of Chinese state-sponsored...
Read more...
We reported yesterday that Microsoft patched four zero-day vulnerabilities affecting Microsoft Exchange servers. As it turns out, Chinese hackers exploited these vulnerabilities in the wild and seemingly managed to ensnare the U.S. Government. The Department of Homeland Security has now published an emergency directive instructing any government agency with Microsoft Exchange servers on-premises to patch immediately. According to Microsoft, “a group assessed to be state-sponsored and operating out of China” gained access to email as well as installed persistent malware through Exchange server vulnerabilities. It is believed that the hackers primarily targeted “entities...
Read more...
Microsoft says a state-sponsored group of hackers operating out of China have been exploiting several zero-day vulnerabilities in Exchange Server, ultimately granting the entity unauthorized access to email accounts and address books. These intrusions also allowed the group to install "additional malware to facilitate long-term access" to compromised accounts. It appears this is a completely separate group than the one behind the SolarWinds attacks. "We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent...
Read more...
The United States National Security Agency (NSA from here on out) is warning of a vulnerability in Microsoft Exchange Server that could allow an attacker with email credentials to launch a remote attack on a target system, enabling them to execute commands. It affects multiple versions of Microsoft Exchange Server. "A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft...
Read more...
