Microsoft is now also updating Exchange Server 2010 for "defense-in-depth purposes."

CVE-2021-26855: CVSS 9.1: a Server Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests being sent by unauthenticated attackers. Servers need to be able to accept untrusted connections over port 443 for the bug to be triggered.

CVE-2021-26857: CVSS 7.8: an insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code deployment under SYSTEM. However, this vulnerability needs to be combined with another, or stolen credentials must be used.

CVE-2021-26858: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.

CVE-2021-27065: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.

If used in an attack chain, all of these vulnerabilities can lead to Remote Code Execution (RCE), server hijacking, backdoors, data theft, and potentially further malware deployment.

In summary, Microsoft says that attackers secure access to an Exchange Server either through these bugs or through stolen credentials, and they can then create a web shell to hijack the system and execute commands remotely.

"These vulnerabilities are used as part of an attack chain," Microsoft says. "The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access. Using this mitigation will only protect against the initial portion of the attack; other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file."

Sources have told cybersecurity expert Brian Krebs that at least 30,000 organizations in the US have been hacked. Bloomberg estimates put this figure closer to 60,000 as of March 8. Palo Alto Networks suggests there were at least 125,000 unpatched servers worldwide as of March 9. In an update on March 5, Microsoft said the company "continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond Hafnium." On March 11, Check Point Research said that attack attempts leveraging the vulnerabilities were doubling every few hours.
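The post-authentication arbitrary file write bugs end, in the chain Microsoft describes, with a web shell dropped into a directory the web server executes from. The check an incident responder wants at that point is a list of server-side script files that appeared or changed after the patch date, with hashes that can be compared against known-good builds. The script below is an added example written for this page; it is not code from the article, from Microsoft, or from any Exchange tooling. It assumes the operator supplies the web-served directories and the cut-off date (placeholders in the usage line), the extension list is constructed for illustration, and the optional baseline is a set of relative paths already reviewed.

```python
"""Hunt for recently written server-side script files under web-served
directories: the artifact an arbitrary-file-write plus web-shell drop leaves.
Added example for this page; paths and dates are placeholders."""
import hashlib
import os
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path
from typing import Iterable, Optional

# Extensions IIS executes server-side; constructed list for this example.
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asp"}


@dataclass(frozen=True)
class Finding:
    path: str        # absolute path of the file
    modified: str    # ISO-8601 UTC modification time
    size: int        # size in bytes
    sha256: str      # hash for comparison against known-good / known-bad lists


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_recent_scripts(roots: Iterable[os.PathLike], since: datetime,
                        baseline: Optional[set] = None) -> list:
    """Return script files under `roots` modified at or after `since` whose
    path relative to the root is not in `baseline`. Missing roots are skipped
    so one bad inventory entry does not abort the hunt."""
    if since.tzinfo is None:
        raise ValueError("since must be timezone-aware")
    baseline = baseline or set()
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for path in root.rglob("*"):
            if not path.is_file() or path.suffix.lower() not in SCRIPT_EXTENSIONS:
                continue
            rel = path.relative_to(root).as_posix()
            if rel in baseline:
                continue
            st = path.stat()
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if mtime < since:
                continue
            findings.append(Finding(str(path), mtime.isoformat(),
                                    st.st_size, sha256_of(path)))
    # Oldest first, so the earliest write in the window is read first.
    return sorted(findings, key=lambda f: f.modified)


if __name__ == "__main__":
    import sys
    # Usage: python hunt.py YYYY-MM-DD <web-root> [<web-root> ...]
    # Placeholder: pass the patch date and your server's web directories.
    cutoff = datetime.fromisoformat(sys.argv[1]).replace(tzinfo=timezone.utc)
    for f in find_recent_scripts(sys.argv[2:], cutoff):
        print(f"{f.modified} {f.size:>8} {f.sha256[:16]} {f.path}")
```

Modification time is attacker-controllable, so treat an empty result as "nothing obvious", not as a clean bill; a baseline of hashes taken from a known-good install of the same build is the stronger comparison, and the `sha256` field is there to feed exactly that.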