We’re only three months into 2021, and it’s already been an eventful year.
The Microsoft Exchange Server hack—our focus in this article—is one of many reasons for this.
What Happened to the Microsoft Exchange Server?
If you don’t yet know about this major cybersecurity problem, here’s some context: A Chinese digital espionage unit called Hafnium hacked the data of over 30,000 organizations across the U.S., including the private information of local governments and quite a few small businesses.
The campaign likely began as early as January 6 and continued to spread well into March, relying on four recently discovered vulnerabilities in the Microsoft Exchange Server email software.
And the unit responsible for the attacks? They planted hundreds of thousands of tools allowing them to gain remote access to the affected systems.
In short, Hafnium leveraged the bugs found in on-prem Exchange servers to hack into users’ email accounts. The FBI released a statement on the attacks.
What Are the Critical Vulnerabilities Involved in the Hack?
Hafnium used four bugs to break into users’ private email:
This Server Side Request Forgery (SSRF) vulnerability gave attackers the means to send arbitrary HTTP requests that let them authenticate as the Exchange server.
This insecure deserialization vulnerability in the Exchange Unified Messaging service caused the service to deserialize untrusted data supplied by Hafnium, letting the attackers run code as SYSTEM.
This post-authentication arbitrary file write vulnerability allowed hackers to write a file to any path on the Exchange server.
Another post-authentication arbitrary file write vulnerability, this bug also gave attackers the tools to write a file to any path in Exchange.
The latter two bugs require authentication, which hackers could obtain either by exploiting the first vulnerability listed above or by compromising the credentials of an actual admin.
How Can I Check My Servers’ Vulnerability?
If you’re concerned about your team’s cybersecurity, rest assured that Microsoft is well aware of the vulnerabilities that occurred this winter. By March 22, the tech giant had applied patches (or outright mitigations) to 92% of on-premise Exchange servers.
Nonetheless, Microsoft has instructed IT administrators and consumers to apply these security fixes as soon as possible. If you haven’t already, you’ll also want to do some digging and make sure you weren’t previously compromised.
Interim mitigation solutions are available if you can’t patch right away. And if you’re still worried, just know that your cybersecurity team has got you covered.
Have questions or insights into protecting your data? SinglePoint Global can help. Please contact us for details.