In January of 2021, intruders gained entry into Microsoft’s systems. By March, US-CERT and Microsoft jointly directed organizations to take precautions. Microsoft recommended conducting scans, applying patches and using its new ‘one-click and mitigate’ tool. The Exchange Server vulnerabilities endangered more than 82,000 servers worldwide.
On Tuesday, the National Security Agency shared information with Microsoft concerning a new set of critical vulnerabilities. Hackers could potentially weaponize these new exploits in order to access organizations remotely.
None of Microsoft’s customers have reported corresponding hacks. Nonetheless, both the company and its clients remain on high alert.
Microsoft exploit, server vulnerabilities and cyber spies
On March 2nd, media outlets reported that spies managed to exploit a set of flaws in the Exchange Server. The threat actors siphoned off emails from select US organizations. Ultimately, the internal communications of tens of thousands of US business, state, and local groups were seen by an entirely unintended audience.
Microsoft Exchange Server bugs
According to the NSA, the latest group of software bugs resides in the 2013, 2016 and 2019 versions of Exchange Server. If the bugs are exploited, hackers may gain the ability to execute code remotely on a given target’s computer.
As with the previous Exchange Server findings this year, these exploits affect organizations that run Exchange on-premise. They do not affect organizations that house data in the cloud.
Following the announcement regarding the server vulnerabilities, the Department of Homeland Security issued a deadline requiring federal agencies to install updates by end-of-day Thursday, April 15th.
“[G]iven recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats,” wrote Microsoft in a recent blog post.
At the NSA, the director of cyber security, Rob Joyce, expressed a similar sense of urgency. “Network defenders now have the knowledge needed to act, but so do adversaries and malicious cyber actors,” he stated. “Don’t give them the opportunity to exploit this vulnerability on your system.”
The NSA and Microsoft
The NSA commonly obtains information concerning US cyber security threats ahead of US companies themselves. “The NSA routinely has to decide whether to disclose software bugs it finds to protect U.S. companies, or to keep them for intelligence-gathering operations overseas”, writes CyberScoop.
In recent months, the NSA has been more public about its recognition of software flaws used for defensive actions. “The U.S. government carefully weighs the national security, public and commercial interests in deciding to disclose a vulnerability,” says Anne Neuberger, a former NSA employee and cyber security expert. “Moreover, we recognize when vulnerabilities may pose such a systemic risk that they require expedited disclosure.”
In other recent findings, cyber security researchers believe that they have discovered a previously unknown exploit in Microsoft’s Desktop Window Manager. What’s worse is that cyber criminals seem to be using the exploit, which allows for arbitrary code execution on devices.
For more on the Microsoft Exchange Server vulnerabilities, visit CyberScoop.