CRITICAL Advisory: At least 30,000 US Organizations Hacked via Microsoft Exchange Bug
Situation
An unusually aggressive Chinese cyber espionage unit is targeting Microsoft Exchange Server to grab email and corporate data from Internet-facing systems.
Problem
Microsoft identified four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allow hackers to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network. For the attack to work, a remote attacker would first need to be able to reach a Microsoft Exchange server on port 443.
Implication
A remote attacker can exploit three remote code execution vulnerabilities (CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) to take control of an affected system, and can exploit one vulnerability (CVE-2021-26855) to obtain access to sensitive information. This would allow the hackers to grab email messages and corporate data.
Need
Due to the severity of the attacks, Microsoft and CISA advise administrators to install the security updates Microsoft has released for these vulnerabilities immediately to protect Exchange servers from these attacks. Additional information can be found in the links below.
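A way for an administrator to confirm the update actually landed on a server, as an added example that is not part of this advisory or of Microsoft's tooling: Exchange security updates keep the cumulative update's Major.Minor.Build in the ExSetup.exe file version and raise only the Revision, so comparing that file version against the minimum patched revision for the installed CU shows whether the server is patched. The `$MinimumPatchedRevision` table below holds obviously fake placeholder revisions (999) that must be replaced with the real values from Microsoft's release notes; until they are, every server is reported as unpatched, which fails safe. The function name `Test-ExchangePatchLevel` is this example's own.

```powershell
# Added example (not from the advisory): check the local Exchange server's patch level
# by reading the file version of ExSetup.exe from the Exchange Management Shell.
#
# Keys are the cumulative update's Major.Minor.Build; values are the minimum Revision
# that carries the March 2021 security update. 999 is a PLACEHOLDER: fill in the real
# revisions from Microsoft's release notes before relying on the result.
$MinimumPatchedRevision = @{
    '15.0.0' = 999   # placeholder key/value: Exchange 2013 CU build goes here
    '15.1.0' = 999   # placeholder key/value: Exchange 2016 CU build goes here
    '15.2.0' = 999   # placeholder key/value: Exchange 2019 CU build goes here
}

function Test-ExchangePatchLevel {
    param(
        [Parameter(Mandatory)][version]$Installed,   # version parsed from ExSetup.exe
        [Parameter(Mandatory)][hashtable]$Minimums   # CU build -> minimum patched revision
    )
    # The CU is identified by the first three components of the file version.
    $cu = '{0}.{1}.{2}' -f $Installed.Major, $Installed.Minor, $Installed.Build

    if (-not $Minimums.ContainsKey($cu)) {
        # A CU that has no entry received no security update: the fix is to move
        # to a supported CU first, then apply the update.
        return [pscustomobject]@{ CU = $cu; Installed = $Installed; Status = 'UnsupportedCU' }
    }

    $status = if ($Installed.Revision -ge $Minimums[$cu]) { 'Patched' } else { 'Unpatched' }
    [pscustomobject]@{ CU = $cu; Installed = $Installed; Status = $status }
}

# ExSetup.exe is on the PATH inside the Exchange Management Shell; its file version
# (e.g. "15.01.2176.009") parses as a System.Version, leading zeros included.
$exsetup   = Get-Command ExSetup.exe -ErrorAction Stop
$installed = [version]$exsetup.FileVersionInfo.FileVersion

Test-ExchangePatchLevel -Installed $installed -Minimums $MinimumPatchedRevision |
    Format-Table -AutoSize
```

Run it in the Exchange Management Shell on each Exchange server (or through `Invoke-Command` against the server list) and treat any result other than `Patched` as an open exposure on port 443. The ExSetup.exe file version is used instead of the `AdminDisplayVersion` attribute because security updates do not always bump the version recorded in Active Directory.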
Microsoft security blog:
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
Additional details and mitigation info from KrebsOnSecurity: