CISA Offers IT Admins Guidelines to Mitigate Recent MS Exchange Vulnerabilities

Filip TRUȚĂ

March 08, 2021

The Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive and alert addressing several critical vulnerabilities recently found in Microsoft Exchange products.

Microsoft confirmed the existence of multiple flaws in Microsoft Exchange Server last week, when it rolled out several security updates following reports of targeted attacks.

“Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem,” Microsoft said at the time.

Exploitation of these vulnerabilities can allow a malicious actor to access on-premises Exchange servers and gain persistent access and control of an enterprise network.

CISA recommends organizations examine their systems for any malicious activity as detailed in Alert AA21-062A. To do so, IT admins can consult the handy list of tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with this malicious activity provided in the alert.

Microsoft itself has also rolled out an IOC Detection Tool for the newest Exchange Server vulnerabilities. The tool leverages an updated script that scans Exchange log files for indicators of compromise associated with the vulnerabilities disclosed last week.

Affected products include Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019.

As Microsoft noted last week, the vulnerabilities in question are used as part of an attack chain, meaning some mitigations only protect against some attack vectors.

“Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file,” Microsoft warned last week.

To that end, CISA reasserts that IT administrators must thoroughly examine their systems for the TTPs and use the IOCs to detect any malicious activity.

“If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert,” CISA says.
