CISA Offers IT Admins Guidelines to Mitigate Recent MS Exchange Vulnerabilities
Microsoft confirmed the existence of multiple flaws in Microsoft Exchange Server last week, when it rolled out several security updates following reports of targeted attacks.
“Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem,” Microsoft said at the time.
Exploitation of these vulnerabilities can allow a malicious actor to access on-premises Exchange servers and gain persistent access and control of an enterprise network.
CISA recommends organizations examine their systems for any malicious activity as detailed in Alert AA21-062A. To do so, IT admins can consult the handy list of tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with this malicious activity provided in the alert.
Microsoft itself has also rolled out an IOC Detection Tool for the newest Exchange Server vulnerabilities. The tool leverages an updated script that scans Exchange log files for indicators of compromise associated with the vulnerabilities disclosed last week.
Affected products include Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019.
As Microsoft noted last week, the vulnerabilities in question are used as part of an attack chain, meaning some mitigations protect against only some attack vectors.
“Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file,” Microsoft warned last week.
To that end, CISA reasserts that IT administrators must thoroughly examine their systems for the TTPs and use the IOCs to detect any malicious activity.
“If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert,” CISA says.