High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers

by Dan Goodin, Ars Technica


Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world.

The currently unpatched security flaws have been under active exploitation since early August, when Vietnam-based security firm GTSC discovered that customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers' servers had all been patched against that vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered that the unknown hackers were exploiting a new Exchange vulnerability.

Webshells, backdoors, and fake sites

"After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim's system," the researchers wrote in a post published on Wednesday. "The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system."
