In early March, Microsoft detected multiple 0-day exploits against Exchange Servers and urged customers to update their on-premises systems immediately. The company developed a one-click mitigation tool to protect Exchange servers against cyberattacks and to fix any existing compromises it found. Microsoft warns, however, that “patching a system does not necessarily remove the access of the attacker,” and there could be hard days ahead.
- Report: Microsoft’s One-Click Exchange Server Mitigation Tool Downloaded 25,000 Times [MyTechDecisions] “Chinese nation-state hackers are believed to be behind the initial exploits starting in early January, and copycats have been trying to replicate the attack chain since the vulnerabilities were disclosed earlier this month. That makes eliminating this vulnerability and patching systems critical but applying Microsoft’s comprehensive patch can be difficult without dedicated IT personnel.”
- Microsoft’s one-click tool to protect against cyberattacks is getting lots of downloads [Fortune] “Since the release of the tool, the number of vulnerable systems in the United States has fallen to fewer than 10,000 from at least 120,000 at the peak. Many of the remaining vulnerable systems are tied to small businesses but not limited to any one sector.”
- Exchange Server attacks: Microsoft shares intelligence on post-compromise activities [ZDNet] “Microsoft is raising an alarm over potential follow-on attacks targeting already compromised Exchange servers, especially if the attackers used web shell scripts to gain persistence on the server, or where the attacker stole credentials during earlier attacks.”
- Microsoft warns even patched Exchange servers can still be attacked [TechRadar] “Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions.”
From the Ohio Web Library
- Dennis, Steven T. “U.S. Sees Progress in Closing Microsoft Exchange Vulnerabilities.” Bloomberg.Com, Mar. 2021, p. N.PAG.
- PR Newswire. “KnowBe4 Warns of Rise in Microsoft Exchange Global Security Exploit Attempts.” PR Newswire US, 16 Mar. 2021.
- McMullen, Robert. “Microsoft Exchange Server Essential Training: Installation and Configuration.” 17 Jul. 2019.