A number of entities in the US and worldwide remain vulnerable to software bugs that were reported by Microsoft weeks ago.
The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. The vulnerability is still being actively exploited, most famously by China-linked malicious actors.
On March 2, Microsoft detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server. Microsoft attributed the campaign to the China-linked threat actor group Hafnium. However, the vulnerabilities are being exploited by threat actors beyond Hafnium.
The recently exploited vulnerabilities were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Even though Microsoft has released multiple security updates and a one-click mitigation tool, an investigation by CyberNews shows that thousands of servers remain vulnerable.
We gathered data on how many potentially vulnerable unpatched servers there are at the moment. We were looking at the main vulnerability, CVE-2021-26855, but it is clear that servers containing this particular vulnerability also contain the other vulnerabilities listed above.
CyberNews has found 62,174 vulnerable Microsoft Exchange Servers, most of them in the US (13,877 vulnerable servers). Germany is the second most affected country at the moment with more than nine thousand servers still left unpatched. In France, the UK, Italy, and Russia, there are 3,389, 3,138, 2,877, and 2,517 vulnerable servers respectively.
The National Security Council (NSC) spokesperson said in a statement that the number of vulnerable systems fell by 45% last week, and now there are fewer than 10,000 vulnerable systems. When the software bugs were first uncovered, more than 120,000 entities in the US alone were found vulnerable.
At the beginning of March, Microsoft stressed the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem.
“In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange Servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments,” reads the advisory published by Microsoft.
Here you can find a step-by-step guide on how to install the March 2021 Microsoft Exchange Server security updates.
The Microsoft vulnerabilities attracted attention even from the White House.
“The cost of cyber incident response weighs particularly heavily on small businesses. Hence, we requested that Microsoft help small businesses with a simple solution to this incident. In response, Microsoft has released a one-click mitigation tool. We encourage every business or organization that has not yet fully patched and scanned their Exchange Server to download and run this free tool,” a statement by the White House says.
Original post available here
About the author: Jurgita Lapienytė, Senior Journalist at CyberNews.
(SecurityAffairs – hacking, Microsoft Exchange)