Microsoft has announced multiple zero-day exploits used to attack on-premises versions of Exchange Server. In the attacks observed by the Microsoft Threat Intelligence Center (MSTIC), threat actors used these vulnerabilities to access on-premises Exchange servers that provide access to email accounts, and to install malware that facilitates long-term access in targeted environments.
Microsoft said the vulnerabilities have been actively exploited by the Chinese state-backed threat actor named HAFNIUM to commit data theft, and it released emergency patches to fix four previously undisclosed vulnerabilities in Exchange Server.
The Microsoft Threat Intelligence Center (MSTIC) explained the possibility that this campaign was carried out by HAFNIUM, a group operating outside of China that is considered state-sponsored, based on observed tactics and procedures.
CVEs published by the Microsoft Security Response Center (MSRC):
CVE-2021-26855 : Server-side request forgery (SSRF) vulnerability in Exchange Server
CVE-2021-26857 : An unsafe deserialization vulnerability in Unified Messaging
CVE-2021-26858 : Post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-27065 : Post-authentication arbitrary file write vulnerability in Exchange
Source
microsoft.com
msrc-blog.microsoft.com