Special Alert: Microsoft Releases Critical Update for Exchange Server

Microsoft announced the release of a critical security update on Tuesday, March 2nd to address four zero-day vulnerabilities that allowed hackers to steal email communications from companies using their Exchange Server products.

Microsoft stated the flaws were being actively exploited in a sophisticated attack chain deployed by the Chinese cyber espionage group HAFNIUM. While Microsoft traditionally releases security updates on the second Tuesday of the month, commonly known as “Patch Tuesday”, the severity of the vulnerabilities called for an additional update ahead of schedule. Microsoft is urging all customers to install the emergency patches as soon as possible and released a special alert from Tom Burt, Corporate Vice-President, Customer Security and Trust on Tuesday.

“Even though we’ve worked quickly to deploy an update for the HAFNIUM exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.”

The security updates are available at the Microsoft Security Response Center and address the four security issues with Microsoft Exchange Server 2013, 2016 and 2019 outlined below.

  • CVE-2021-26855, a server-side request forgery (SSRF) vulnerability that allowed the attackers to send arbitrary HTTP requests and authenticate as the Exchange server.
  • CVE-2021-26857, an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is when untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
  • CVE-2021-26858, a post-authentication arbitrary file write vulnerability. If HAFNIUM could authenticate with the Exchange server, then it could use this vulnerability to write a file to any path on the server. The group could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.
  • CVE-2021-27065, a post-authentication arbitrary file write vulnerability. If HAFNIUM could authenticate with the Exchange server, it could use this vulnerability to write a file to any path on the server. It could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.

Microsoft did confirm that their Exchange Online service, most commonly used for business email hosting, was not impacted by the attacks, and specifically cited that the exploits had no connection to the SolarWinds-related attacks.

For more information we encourage you to visit the full update from Microsoft at http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/.

How Can Schneider Downs Help?

If you have any questions, we are here to help! In addition to our services and software solutions, our team offers a diverse library of complimentary cybersecurity resources including case studies, white papers and security awareness materials. You can browse the library at 089wbug3.945996.com/cybersecurity/resources.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection reviews, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit 089wbug3.945996.com/cybersecurity or contact the team at [email protected].

If you suspect or are experiencing a network incident, our Incident Response Team is available 24x7x365 at 1-800-993-8937.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

©2024 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.