Microsoft has announced multiple zero-day exploits used to attack on-premises versions of Exchange Server. In the attacks observed by the Microsoft Threat Intelligence Center (MSTIC), threat actors used these vulnerabilities to access on-premises Exchange servers, which gave them access to email accounts, and to install malware that facilitates long-term access to the targeted environments.
Microsoft said the vulnerabilities have been actively exploited by the Chinese state-backed threat actor HAFNIUM to commit data theft, and it released emergency patches to fix four previously undisclosed vulnerabilities in Exchange Server.
The Microsoft Threat Intelligence Center (MSTIC) explained the possibility that this campaign was carried out by HAFNIUM, a group considered state-sponsored and operating out of China, based on observed tactics and procedures.
CVEs published by the Microsoft Security Response Center (MSRC):
CVE-2021-26855: Server-side request forgery (SSRF) vulnerability in Exchange Server
CVE-2021-26857: An unsafe deserialization vulnerability in Unified Messaging
CVE-2021-26858: Post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-27065: Post-authentication arbitrary file write vulnerability in Exchange
Source
microsoft.com
msrc-blog.microsoft.com