UK govt links 2021 Electoral Commission breach to Exchange server
The United Kingdom's Information Commissioner's Office revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premises Microsoft Exchange Server against ProxyShell vulnerabilities.
Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, these security flaws were chained to hack into the commission's Exchange Server 2016, where the attackers gained persistence by installing web shells and backdoors.
While Microsoft released security updates in May 2021 that fixed the ProxyShell vulnerability chain, the commission failed to patch its systems promptly, exposing them to attacks.
"Our investigation found that the Electoral Commission did not have appropriate security measures in place to protect the personal information it held," the ICO said.
ICO Deputy Commissioner Stephen Bonner said that if the commission "had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened."
In August 2021, days after the U.K. Electoral Commission breach was disclosed, Shodan revealed that it was tracking tens of thousands of Exchange servers vulnerable to ProxyShell attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-14 | CVE-2021-34523 | Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.0 |
2021-07-14 | CVE-2021-34473 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |
2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Security Feature Bypass Vulnerability | 6.6 |