The initial attack requires the ability to make an untrusted connection to Exchange server port 443.

The Microsoft Security Response Center (MSRC) noted that “These vulnerabilities are used as part of an attack chain. Microsoft recommends that on-premises customers follow their published guidance to protect Exchange servers.

While this attack is against on-premises servers, MSTIC say that they have observed HAFNIUM “interacting with victim Office 365 tenants.”

Amongst other issues, the identified vulnerabilities allow attackers to dump the LSASS process memory, use PowerShell to export mailbox data, and download the OAB. As described in their blog, attackers “used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.”

The attack is attributed to HAFNIUM, a group believed by Microsoft to be state-sponsored and operating out of China.

On March 2, the Microsoft Threat Intelligence Center (MSTIC) issued details of multiple day-zero exploits in active use against on-premises Exchange servers.

Install Patches for Exchange 2010, 2013, 2016, and 2019 ASAP