URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

By The Hacker News - 2021-03-03

Description

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively expl

Summary

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments.
But the company didn't elaborate on how many organizations were targeted and whether the attacks were successful.
Stating that the intrusion campaigns appeared to have started around January 6, 2021, Volexity cautioned it has detected active in-the-wild exploitation of multiple Microsoft Exchange vulnerabilities used to steal email and compromise networks. "

Topics

Security (0.43)
Machine_Learning (0.13)
Backend (0.11)

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

Description

Summary

Topics

Similar Articles

Linux malware backdoors supercomputers

Why DDoS Attacks Are Thriving in the Work-From-Home Era

Top Cyber Attacks of 2020

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

Feedback

Bookmarks

Latest Readings in Security