URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
2021-03-02 23:56

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.

Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments.

The three-stage attack involves gaining access to an Exchange Server either with stolen passwords or by using previously undiscovered vulnerabilities, followed by deploying a web shell to control the compromised server remotely.

Since the initial attack requires an untrusted connection to Exchange server port 443, the company notes that organizations can mitigate the issue by restricting untrusted connections or by using a VPN to separate the Exchange server from external access.

Aside from the patches, Microsoft Senior Threat Intelligence Analyst Kevin Beaumont has also created an nmap plugin that can be used to scan a network for potentially vulnerable Microsoft Exchange servers.

Customers using a vulnerable version of Exchange Server are advised to install the updates immediately to thwart these attacks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/zy2QLHFNXu4/urgent-4-actively-exploited-0-day-flaws.html

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Microsoft | | 480 | 75 | 2308 | 5127 | 264 | 7774 |