The four Exchange vulnerabilities disclosed by Microsoft in recent days have already claimed over 30,000 companies and entities in the United States as victims, in what appears to be an offensive organized directly from Chinese territory: a genuine espionage campaign based on zero-day exploits for which, at the moment, there is no solution.
Microsoft has promised a prompt update, but one that follows its traditional patch cycle (so there will be no updates for at least a few days). At the moment, the precise descriptions of the four vulnerabilities are available:
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
A remote attacker is able to take control of the server and steal archived mail: companies, small institutional entities and non-governmental organizations would be in the crosshairs. Microsoft initially assumed a limited attack, but according to Krebs on Security, researchers assessed that the scope of the offensive would be much wider than estimated in Redmond (up to hundreds of thousands of Exchange servers worldwide). At the same time, the specific purpose of the attack is not clear. The seriousness of the problem is also evidenced by the involvement of the White House, with repeated recommendations to companies to apply all available updates to avoid situations of this type.
At the beginning of the week, the patches will be able to fix the problem, but companies will be asked to install them as quickly as possible: only in this way can the problem be put to rest and the related potential impact be reduced. Microsoft has confirmed that it is working with the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to provide affected companies with all possible information to mitigate the impact of the offensive pending the definitive patch.
Source: Krebs on Security