Massive Microsoft Exchange Server Vulnerability Being Exploited
Last week, Microsoft issued emergency patches for on-premises Microsoft Exchange Server. This week, governments and companies are sounding the alarm on the seriousness of the threat. The alarm comes as over 30,000 organizations in the US alone have had their email systems compromised in the attack. Former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs put it bluntly in a tweet. “If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03,” he said.
The attack takes advantage of four vulnerabilities that together form the attack chain. Once the chain succeeds, the attacker has access to the victim’s environment and can install malware, steal data, and perform other activities. Business email compromise attacks can also follow an infection.
The group originally behind the hack is thought to be a Chinese-linked hacker group dubbed Hafnium. Since the exploit became public, other groups and individuals have also started using the same methods.
Administrators can learn more and apply the patches available on Microsoft’s website. CISA has also published a PDF explaining how organizations should respond. The notice has the following statement in bold: “The seriousness of this vulnerability cannot be overstated; the exploitation of it is widespread and is indiscriminate.”