Microsoft Multiple 0-Day Attack – Tenable Comment

Late yesterday, Microsoft announced in a blog post that it had “detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.” The attacks are being attributed to a Chinese group known as HAFNIUM.

1 Expert Comment
Satnam Narang, Senior Research Engineer
InfoSec Expert
March 3, 2021 2:41 pm

Four zero-day vulnerabilities in Exchange Server have been exploited in the wild by a nation-state threat actor called HAFNIUM (https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/). The fact that Microsoft chose to patch these flaws out-of-band rather than include them as part of next week’s Patch Tuesday release leads us to believe the flaws are quite severe even if we don’t know the full scope of those attacks.

While Microsoft says that HAFNIUM primarily targets entities within the United States, other researchers (https://twitter.com/ESETresearch/status/1366862948057178115) say they have seen these vulnerabilities being exploited by different threat actors targeting other regions.

Based on what we know so far, exploitation of one of the four vulnerabilities requires no authentication whatsoever and can be used to potentially download messages from a targeted user’s mailbox. The other vulnerabilities can be chained together by a determined threat actor to facilitate a further compromise of the targeted organization’s network.

We expect other threat actors to begin leveraging these vulnerabilities in the coming days and weeks, which is why it is critically important for organizations that use Exchange Server to apply these patches immediately.

Last edited 1 year ago by Satnam Narang