Security News > 2021 > April > NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server.
Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw in attacks late last year.
Also fixed by Microsoft are four remote code execution flaws affecting on-premises Exchange Servers 2013, 2016, and 2019 that were reported to the company by the U.S. National Security Agency.
While the Windows maker said it had found no evidence of any active exploits in the wild, it's recommended that customers install these updates as soon as possible to secure the environment. This is particularly so in light of the widespread Exchange Server hacks last month and new findings that attackers are attempting to leverage the ProxyLogon exploit to deploy malicious cryptominers onto Exchange Servers, with the payload being hosted on a compromised Exchange Server.
The U.S. Cybersecurity and Infrastructure Security Agency has also revised the emergency directive it issued last month, stating "These vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action," while cautioning that the underlying flaws can be weaponized by reverse-engineering the patch to create an exploit.
Cybersecurity firm Check Point, which has been tracking ongoing cyber threats exploiting the Exchange Server flaws, said a total of 110,407 attacks targeting government, manufacturing, finance, healthcare, legal, and insurance industries in the U.S., U.K., Germany, Netherlands, and Brazil have been prevented.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/s2V5STIU49k/nsa-discovers-new-vulnerabilities.html