Seven vulnerabilities discovered in one of Microsoft’s most popular services

Microsoft is calling on all its customers to urgently install emergency patches to protect against a group of highly skilled cybercriminals who are actively exploiting four zero-day vulnerabilities in Exchange Server.

The software maker has stated that cybercriminals were working to hack into local Exchange Server software that is fully patched. So far, Hafnium, as Microsoft calls this group of cybercriminals, is the only group to have exploited these vulnerabilities, but the company says this could change. Microsoft has not identified the possible targets, except that they are companies that use Exchange Server software. Hafnium primarily steals data from infectious disease researchers, law firms, institutions of higher education, defence companies, political research organisations and US-based non-governmental organisations.

“Microsoft’s recent alert requires all companies using Exchange email servers to immediately update the patch. These new 7 vulnerabilities in one of Microsoft’s most popular services have been exploited by what appears to be an advanced cybercriminal group for months. In Check Point’s recent Security 2020 report we showed that 83% of all attack vectors were email-based, and some of the world’s most significant cyberattacks occurred in environments like this: vulnerabilities are found in popular platforms, a patch is created but is not automatic, and in this interim period between a patch and an upload, cybercriminals attack,” notes Lotem Finkelsteen, director of Threat Intelligence at Check Point. “Companies should update the patch immediately or use virtual patching technologies such as IPS to minimise these risks. It is important to note that this attack is relevant to all businesses using Outlook, but not to individuals/consumers. It is a server issue that the cyber attackers exploited,” concludes Finkelsteen.

Microsoft is not aware that users have been targeted or that the exploits have affected other Microsoft products. Furthermore, they claim that the attacks are unrelated to the SolarWinds-related cyberattacks, which damaged at least nine US government agencies and a hundred private companies.
