Until servers can be patched it is recommended that all port forwarding to exchange web services be stopped. This exploit requires attackers to have access to an exchange server with port 443 exposed to the internet. Microsoft has released an emergency out-of-band security update for all exchange server versions targeted in the attack going back to Windows Server 2013 and above. It has been observed that many vessels serviced by VBH are running Microsoft Exchange Servers locally and it is imperative that they be patched as soon as possible. On March 2 nd, Microsoft disclosed that four zero-day vulnerabilities were being used in attacks against Microsoft Exchange servers with the OWA components exposed to the internet. More comprehensive details follow in the writeup below: This is a high-priority alert and should be taken seriously. There is an active exploitation campaign being spearheaded by a Chinese APT group that is chaining together several zero-day exploits to compromise every exchange server they come across. If you are running an on-premises Microsoft Exchange Server you need to immediately patch it and remove web access to it until you can do so. The information below is a recap of a security bulletin distributed to all Atlas Clients and is also included in this report due to its extreme importance. Thursday, March 11th, 2021 | Cyber Threats, News, News & Media ![]() SPOTLIGHT ON SECURITY – EXCHANGE SERVER ATTACKS
0 Comments
Leave a Reply. |