BREA, Calif., March 9, 2021 /PRNewswire/ — Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, announced today the Milton Argos Platform (MAP) 2.0 is successful in locating potential Exchange Server attacks, including the four recent zero-day vulnerabilities that have been actively exploited on over 30,000 servers. The AI-assisted threat hunting tool uses Artificial Intelligence and Machine Learning coupled with human expertise to detect, deter, and mitigate threats in real time.
The MAP 2.0 platform can analyze millions of security events every second, which allows the highly trained Threat Hunting Team at Milton Security to focus on the most relevant instances. The Exchange Server vulnerabilities allow cyberattackers to gain access to the admin controls in order to install additional malware or steal data. The web shells used in these attacks are password-protected remote interfaces whose purpose is to allow access from anywhere in the world.
The zero-day vulnerabilities impact on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019; Exchange Online is not affected.
- CVE-2021-26855: CVSS 9.1: a Server-Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests being sent by unauthenticated attackers. Servers need to be able to accept untrusted connections over port 443 for the bug to be triggered.
- CVE-2021-26857: CVSS 7.8: an insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code deployment under SYSTEM. However, this vulnerability must be combined with another vulnerability, or stolen credentials must be used.
- CVE-2021-26858: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.
- CVE-2021-27065: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.
“Our team at Milton Security has been working closely with industry partners, including Microsoft, to understand the nature of these vulnerabilities, how they are being used, and where the attacks are originating from,” said James McMurry, Milton Security CEO. “Our clients entrust us to be efficient and effective when it comes to retro hunting and…