Security News

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original Match 2021 security patches released a week ago, only if the admin can't find an update path to a supported version.

The European Banking Authority on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal data through emails held on that servers may have been obtained by the attacker," the Paris-based regulatory agency said.

Early last week, Microsoft revealed that a China-based group called Hafnium has been launching cyberattacks against organizations by exploiting four zero-day vulnerabilities in on-premises versions of its Exchange Server software. Calling this Microsoft Exchange/OWA hack a pretty elaborate attack, Michael Isbitski, Technical Evangelist at Salt Security, told TechRepublic that he suspects this will impact a lot of organizations still operating their own mail infrastructure rather than using a SaaS like Microsoft 365.

The European Banking Authority took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. Last week, Microsoft patched multiple zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server and exploited in ongoing attacks coordinated by multiple state-sponsored hacking groups.

Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program. Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified "In early January." So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle "Orange Tsai." DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.

It is Microsoft Exchange and its drooling minion, Outlook. It's easy to get things wrong in Exchange admin.

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China. Microsoft revealed the attack last week and released Exchange security updates.

Microsoft has pushed out a new update for their Microsoft Safety Scanner tool to detect web shells deployed in the recent Exchange Server attacks. On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web servers.

Exchange Servers targeted via zero-day exploits, have yours been hit?Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines. March 2021 Patch Tuesday forecast: Off to an early startMicrosoft got an early start on Patch Tuesday, releasing a series of out-of-band security updates for actively exploited bugs in Exchange Server.

Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. On March 2nd, Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks against Microsoft Exchange.