UPDATED 21:34 EST / MARCH 02 2021

SECURITY

Microsoft warns that Chinese hackers are targeting vulnerabilities in Exchange Server

Microsoft Corp. issued a warning today that a new Chinese state-sponsored hacking group is targeting on-premises versions of Microsoft Exchange Server using a number of recently identified and now patched vulnerabilities.

The hacking group, dubbed “Hafnium” by the Microsoft Threat Intelligence Center, is described as “highly skilled and sophisticated.” It’s specifically attempting to steal information from U.S. targets, including universities, defense contractors, law firms and infectious-disease researchers.

The vulnerabilities and the exploitation of them were first identified by researchers at cybersecurity firm Volexity Inc. in early January. The vulnerabilities, collectively zero-day or previously unrecognized exploits include a server-side request forgery vulnerability, an insecure deserialization vulnerability in the Unified Messaging Service and two post-authentication arbitrary file write vulnerabilities.

Hafnium exploited the vulnerabilities to trick targeted Exchange servers into allowing it access. The Chinese hackers then created a web shell to control the compromised server remotely, using that access to steal data from the organization’s network.

While Microsoft has released a patch for the vulnerabilities, the concern is that Exchange users will not promptly install the updates. “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Tom Burt, corporate vice president, customer security and trust at Microsoft, wrote in a blog post. “Promptly applying today’s patches in the best protection against this attack.”

Satnam Narang, staff research engineer at cybersecurity company Tenable Inc., told SiliconANGLE that the fact that Microsoft chose to patch these flaws early rather than include them as part of next week’s Patch Tuesday release indicates the flaws are quite severe.

“While Microsoft says that Hafnium primarily targets entities within the United States, other researchers say they have seen these vulnerabilities being exploited by different threat actors targeting other regions,” Narang said. “We expect other threat actors to begin leveraging these vulnerabilities in the coming days and weeks, which is why it is critically important for organizations that use Exchange Server to apply these patches immediately.”

Image: Microsoft

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU