Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines.
According to Volexity, the attacks have been going on for nearly two months, possibly even longer.
Our team has been tirelessly working several intrusions since January involving multiple 0-day exploits in Microsoft Exchange. We've released the details of this threat activity alongside Microsoft's Out of Band patch. Take a look and update Exchange! https://t.co/GWGxQWAdGO
— Steven Adair (@stevenadair) March 2, 2021
Although Microsoft says that a threat actor (dubbed Hafnium) has been using the vulnerabilities primarily to target infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs in the U.S., Huntress Labs says it has identified 176 of its partners’ servers that were saddled with a web shell after being compromised through the vulnerabilities.
“These companies do not perfectly align with Microsoft’s guidance as some personas are small hotels, an ice cream company, a kitchen appliance manufacturer, multiple senior citizen communities and other ‘less than sexy’ mid-market businesses,” they noted. “With that said, we have also witnessed many city and county government victims, healthcare providers, banks/financial institutions, and several residential electricity providers.”
So, if you use on-prem Microsoft Exchange Servers, you might want to assume you’ve been hit and start checking and then updating...