Vulnerability Found in Microsoft Exchange Server
A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. ...
1 min read
Daniel Guidry : Mar 3, 2021 12:00:00 AM
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
Microsoft Exchange Server
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
0-Day Exploit
The CVE’s listed above are being actively exploited in the wild.
High – Severity
In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. After exploiting these vulnerabilities to gain initial access, HAFNIUM operators deployed web shells on the compromised server. Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.
A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. ...
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful...
CVE-2021-1675(akaPrintNightmare) is a vulnerability in the built-in Windows “Print Spooler” service. Microsoft released a patch for CVE-2021-1675as