CISA Orders Agencies to Recheck for Exchange Compromises
The Cybersecurity and Infrastructure Security Agency is ordering federal executive branch agencies to rescan and recheck their networks by Monday for any signs of compromise related to unpatched vulnerabilities in on-premises Microsoft Exchange email servers.
In addition, the agencies have until June 28 to implement CISA's recommended steps to harden their infrastructure against attacks.
Exchange Server Flaws
Microsoft patched the four vulnerabilities in the on-premises version of Exchange Server on March 2. Around that time, RiskIQ estimated that about 400,000 on-premises Exchange servers were vulnerable. Microsoft reported that as of March 26, more than 92%, or around 368,000, had been patched or mitigated (see:
By Juha Saarinen on Mar 16, 2021 12:27PM
Halts first part of exploit chain.
Microsoft has released a PowerShell script to help customers running its on-premises Exchange Server software quickly and easily mitigate an attack chain of vulnerabilities that is currently under heavy exploitation.
The Exchange On-Premises Mitigation Tool, or EOMT, is recommended over Microsoft's earlier ExchangeMitigations.ps1 script, and handles the CVE-2021-26855 vulnerability through a uniform resource locator (URL) rewrite configuration.
This, Microsoft said, mitigates against the known methods of exploiting the CVE-2021-26855 server-side request forgery authentication bypass vulnerability, which forms the first part of a four-stage attack chain that can lead to full system compromise.
Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.
As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept (PoC) whirlwind has started up. It’s all leading to a feeding frenzy of cyber-activity.
The good news, however, is that Microsoft has issued a one-click mitigation and remediation tool in light of the ongoing swells of attacks.
Researchers said that while advanced persistent threats (APTs) were the first to the game when it comes to hacking vulnerable Exchange servers, the public PoCs mean that the cat is officially out of the bag, meaning that less sophisticated cybercriminals can start to leverage the opportunity.