US Government Orders Federal Agencies to Patch Local Exchange Servers
Earlier this week, Microsoft announced that it had spotted multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server and, as a result, released several out-of-band patches. The exploited bugs were identified as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. When chained together, they allow remote authentication bypass and remote code execution. According to Microsoft, adversaries have been able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access.
Researchers at Huntress Labs have identified the China-linked APT group Hafnium as some of the attackers taking advantage of these zero-days. Researchers have also discovered more than 200 web shells deployed across thousands of vulnerable servers that had antivirus and endpoint detection/recovery installed, and they expect this number to keep rising.
Because of the dangers posed by these four zero-days, the U.S. Government is now mandating that organizations patch their versions of Microsoft Exchange to address these vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, warning that its partners have observed active exploitation of the bugs in Microsoft Exchange on-premises products, which allow attackers to have “persistent system access and control of an enterprise network.”
“CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” reads the March 3 alert. “This determination is based on the current exploitation of these vulnerabilities in the wild, the likelihood of the vulnerabilities being exploited, the prevalence of the affected software in the federal enterprise, the high potential for a compromise of agency information systems and the potential impact of a successful compromise.”