This month, the cybersecurity research firm Volexity found a series of four critical security vulnerabilities in Microsoft’s Exchange Server software. Since then, the vulnerability has been independently verified and confirmed by Microsoft. It is believed to have been used by foreign-state threat actors for an unknown period of time, extending at least to January 2021. Exchange acts as the back-end software that handles email for the vast majority of large organizations; Outlook connects to Exchange to display email for user accounts.
While the vulnerability does not affect customers running Microsoft’s Exchange Online service exclusively, most organizations in the US are running some form of Internet-facing Microsoft Outlook Web Access (OWA) for their email systems in tandem with Exchange servers.
Companies that use any version of Microsoft Exchange Server for email messaging should take immediate steps to address the situation. Office 365 is not affected, but companies with physical Exchange servers combined with Office 365 would still be vulnerable. The vulnerability affects every version of Microsoft Exchange Server from 2010 through 2016. The exploited vulnerability and potential back door allow a remote attacker full access and control of the organization’s Exchange server, including all the data residing on it—emails, attachments, contacts, notes, tasks, calendar items, etc. Attackers using the vulnerability can also identify a mailbox by user name and view or copy the entire mailbox contents.
The seriousness of the issue is difficult to overstate. Using the exploit, intruders are able to leave behind one or more “web shell” scripts for future use. A web shell is an easily operated, password-protected hacking tool that can be accessed from any browser over the Internet; web shells are also commonly used for legitimate functions, and are thus difficult to identify as malware by file type alone.