Dive Brief:
- Security researchers and federal officials are working with Microsoft to regain control over the rapidly evolving Exchange Server crisis that exposed thousands of companies, think tanks and other organizations to opportunistic cyberattackers.
- Microsoft released additional security updates this week designed as short-term fixes for vulnerable servers that could not be completely secured by mitigations released last week.
- The number of vulnerable servers running older, unpatched versions of Microsoft Exchange dropped by about 30% to 80,000 worldwide, according to Palo Alto Networks. The U.S. still leads all nations with about 20,000 vulnerable servers, followed by Germany with 11,000 and the U.K. with 4,000.
Dive Insight:
The FBI and Cybersecurity and Infrastructure Security Agency issued a joint advisory on Wednesday warning organizations that nation-state actors and cybercriminal gangs were attempting to take advantage of the Microsoft Exchange vulnerabilities in order to gain persistent system access.
After the initial vulnerabilities were discovered, with activity dating back to early January, security researchers working with Microsoft identified multiple vulnerabilities in Microsoft Exchange Server that allowed threat actors to deploy webshells onto on-premises servers.
Threat actors have been observed exfiltrating emails, stealing copies of Active Directory databases, deleting or adding user accounts, and engaging in other activity while moving laterally within compromised systems.
A range of industries have been targeted by the attacks, including defense contractors, biotech firms, think tanks, small city and county governments, power companies and law firms, according to the FBI and CISA.
FireEye warned the security industry that threat actors were using a technique called credential dumping to enable lateral movement and privilege escalation inside a compromised network. State-sponsored and financially motivated groups have begun to take advantage of the backdoor opportunities presented by the initial round of attacks and the webshells placed on vulnerable servers, according to a blog post released Thursday.