Four zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited by a state-sponsored threat group from China and appear to have been adopted by other cyberattackers in widespread attacks.
While in no way believed to be connected to the SolarWinds supply chain attack that has impacted an estimated 18,000 organizations worldwide — so far — there is concern that lags in patching vulnerable servers could have a similar impact, or worse, on businesses.
Also: Best VPNs • Best security keys • Best antivirus
Here is everything you need to know about the security issues and our guide will be updated as the story develops.
Microsoft told security expert Brian Krebs that the company was made aware of four zero-day bugs in “early” January.
A DEVCORE researcher, credited with finding two of the security issues, appears to have reported them around January 5. Going under the handle “Orange Tsai,” the researcher tweeted:
“Just report a pre-auth RCE chain to the vendor. This might be the most serious RCE I have ever reported.”
According to Volexity, attacks using the four zero-days may have started as early as January 6, 2021. Dubex reported suspicious activity on Microsoft Exchange servers in the same month.
On March 2, Microsoft released patches to tackle the four severe vulnerabilities in Microsoft Exchange Server software. At the time, the company said that the bugs were being actively exploited in “limited, targeted attacks.”
Microsoft Exchange Server is an email inbox, calendar, and collaboration solution. Users range from enterprise giants to small and medium-sized businesses worldwide.
While fixes have been issued, the scope of potential Exchange Server compromise depends on the speed and uptake of patches — and the number of estimated victims continues to grow.
What are the vulnerabilities and why are they important?
The critical vulnerabilities impact on-premise Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. However, Exchange Online is not affected.
- CVE-2021-26855: CVSS 9.1: a Server Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests…