Electoral Commission had internet-facing server with unpatched vuln

2023-08-11 11:47

The hacking of the UK's Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.

Earlier this week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization's email, as well as copies of the electoral registers for the entire UK. It appears the Electoral Commission was running Microsoft Exchange Server with Outlook Web App facing the internet, and was vulnerable to an exploit known as ProxyNotShell at the time that suspicious activity was first detected on the Commission's systems in October 2022.

According to security researcher Kevin Beaumont, the Electoral Commission's Microsoft Exchange Server was visible online until at least late September 2022, after which it dropped offline.

The version of Microsoft Exchange Server that was running at the time was 15.1.2507.12, which corresponds to Exchange Server 2016, last security updated in August 2022.

This means the Electoral Commission was at least applying security patches quickly during this time, Beaumont noted in a posting on Medium.

Beaumont said that Microsoft needs to ship security patches for Microsoft Exchange Server faster, and organizations which expose Exchange Server to the internet need to be aware that it will get targeted, and implement enhanced security monitoring and containment.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/11/electoral_commission_vulnerability/

#electoral #internet #server