11 Mar Microsoft Exchange Servers targeted with zero-day exploits
On March 2, 2021 Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. The zero-days exploited include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft urges customers to update their on-premises systems with the patches “immediately”. Microsoft says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.
The patches released March 2nd fix security problems in Microsoft Exchange Server 2013, 2016 and 2019. Microsoft said its Exchange Online service — basically hosted email for businesses — is not impacted by these flaws.
In the three days since Microsoft released the emergency security updates, security experts say the same Chinese cyber espionage group has dramatically stepped-up attacks on any vulnerable, unpatched Exchange servers worldwide. In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.