UK govt links 2021 Electoral Commission breach to Exchange server
2024-07-30 12:00

The United Kingdom's Information Commissioner's Office revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premises Microsoft Exchange Server against ProxyShell vulnerabilities.

Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, these security flaws were chained to hack into the commission's Exchange Server 2016, where the attackers installed web shells and backdoors to gain persistence.

While Microsoft released security updates in May 2021 that fixed the ProxyShell vulnerability chain, the commission failed to patch its systems promptly, exposing them to attacks.

"Our investigation found that the Electoral Commission did not have appropriate security measures in place to protect the personal information it held," the ICO said.

ICO Deputy Commissioner Stephen Bonner said that if the commission "had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened."

In August 2021, days after the U.K. Electoral Commission breach was disclosed, Shodan revealed that it was tracking tens of thousands of Exchange servers vulnerable to ProxyShell attacks.


News URL

https://www.bleepingcomputer.com/news/security/uk-govt-links-2021-electoral-commission-breach-to-exchange-server/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-34523 | Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Elevation of Privilege Vulnerability (microsoft, CWE-287) | local, low complexity, critical, 9.0 |
| 2021-07-14 | CVE-2021-34473 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Remote Code Execution Vulnerability (microsoft, CWE-918) | network, low complexity, critical, 9.1 |
| 2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Security Feature Bypass Vulnerability (microsoft, CWE-434) | network, high complexity, 6.6 |