Microsoft rushes out fixes for four zero‑day flaws in Exchange Server
At least one vulnerability is being exploited by multiple cyberespionage groups to attack targets mainly in the US, per ESET telemetry
Microsoft has rushed out emergency updates to address four zero-day flaws affecting Microsoft Exchange Server versions 2013, 2016, and 2019. Threat actors have been observed exploiting the vulnerabilities in the wild to access on-premises Exchange servers, which allowed them to steal emails, download data, and compromise machines with malware for long-term access to the victim networks. Due to the severity of the threat, the Redmond tech titan is urging users to patch their systems immediately.
Indexed as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, the security loopholes are being exploited by the attackers as part of an attack chain. Microsoft's decision to issue an out-of-band update instead of releasing the fixes as part of its monthly Patch Tuesday bundle underscores the seriousness of the threat. Microsoft attributed the attack to a relatively little-known Advanced Persistent Threat (APT) group codenamed Hafnium.
According to ESET telemetry, at least one of the vulnerabilities is being targeted by multiple cyberespionage groups, to wit LuckyMouse (also known as Emissary Panda or APT27), as well as Tick and Calypso. The flaw, indexed as CVE-2021-26855, is a server-side request forgery vulnerability that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
While most attacks have been observed to be against servers located in the United States, APT groups have been targeting the servers of governments, law firms, and private companies in other parts of the world, Germany in particular.
Complete article: Microsoft rushes out fixes for four zero-day flaws in Exchange Server | WeLiveSecurity