On Tuesday, March 2, 2021, Microsoft released patches for very serious Remote Code Execution (RCE) vulnerabilities affecting customers running on-premises implementations of Microsoft Exchange Server 2013, 2016 and 2019.
Even with a fully patched server, organizations were susceptible to compromise. At a minimum, the Chinese threat actor group Hafnium abused the Remote Code Execution (RCE) vulnerability to extract all the email from your system. Further, the threat actor group may have had the opportunity to plant code on your system, allowing them to maintain a persistent connection to steal more information from your organization or set you up for a ransomware attack. It took Microsoft six days to render full recommendations on how to remediate these issues for their customers.
Although no solution is 100% effective, there are steps an organization can take instead of completely isolating or shutting down the services we all depend on to operate our businesses. Especially during remote operations and remote shared access control, your organization requires quick and effective solutions.
Implementing a robust infrastructure requires a staff that is highly skilled in mitigation, incident response, and defense, while keeping your organization operational.
The full impact of these attacks is not fully understood.
CVE-2021-26897 and CVE-2021-26877 are not getting much public attention, yet they have the potential to fully compromise your systems and permit a threat actor to execute code remotely within your network. Patches to mitigate these risks were released by Microsoft on March 9, 2021. The vulnerabilities described in these CVEs are related to SIGRed (CVE-2020-1350). A good infrastructure design, attack surface analysis and timely patching provide an effective course of action in keeping your systems safe.
Contact us today if you need assistance with any of your Cyber Security needs.