Even if Exchange Servers are not internet facing, the vulnerabilities can still be exploited if access to the network has been achieved through other methods. Microsoft is recommending to install updates on all Exchange Servers, prioritising those that are externally/internet facing. Microsoft has recently released additional guidance for older, unsupported versions of Exchange. While Exchange 2010 is not vulnerable to the same attack chain as Exchange 2013/2016/2019, Microsoft has released a patch for CVE-2021-26857 for this version of the software. Vulnerable Exchange Server versions include 2013, 2016, and 2019. 1) Locate all Exchange Servers and determine whether they need to be patched.
Further, based on telemetry collected from the Palo Alto Networks Expanse platform, we estimate there remain over 125,000 unpatched Exchange Servers in the world.īelow you will find a concise playbook that enterprises can follow to respond to this potential threat in their environments. As a result, even if you patched immediately, your Exchange Servers could still be compromised. Estimated number of potentially compromised organizations is in the tens of thousands globally – and very importantly, these vulnerabilities were being actively exploited for at least two months before the security patches were available. While the Microsoft Threat Intelligence Center (MSTIC) attributes the initial campaign with high confidence to HAFNIUM, a group they assess to be state-sponsored and operating out of China, multiple threat intelligence teams, including MSTIC and Unit 42, are also seeing multiple threat actors now exploiting these zero-day vulnerabilities in the wild. These vulnerabilities let adversaries access Exchange Servers and potentially gain long-term access to victims’ environments. On March 2, the security community became aware of four critical zero-day Microsoft Exchange Server vulnerabilities ( CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065).
0 kommentar(er)
