URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

Description

Summary

• Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
• Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments.
• But the company didn't elaborate on how many organizations were targeted and whether the attacks were successful.
• Stating that the intrusion campaigns appeared to have started around January 6, 2021, Volexity cautioned it has detected active in-the-wild exploitation of multiple Microsoft Exchange vulnerabilities used to steal email and compromise networks. "