“Hafnium,” Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory addressing the disclosed vulnerabilities in Microsoft Exchange Server (Cybersecurity & Infrastructure Security Agency, 2021). The threat is rated high and is estimated to affect over 30,000 businesses worldwide. The attack, launched by Hafnium, targeted four vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) which allowed state-sponsored threat actors to exploit Internet-facing Exchange servers and gain access to internal systems (Microsoft, 2021). On Ma Microsoft published a detailed report outlining four previously unknown “zero-day” vulnerabilities in Microsoft Exchange Server.

A quick one-liner to check the IIS logs for signs of the RCE (you might need to change the IIS log path on some systems) is:

    findstr /snip /c:"ResetOABVirtualDirectory" C:\inetpub\logs\LogFiles\*.log

The combined switches are /S (search subdirectories), /N (print line numbers), /I (case-insensitive match) and /P (skip files containing non-printable characters); /C: treats the quoted text as one literal search string.

Mitigation

I was able to find the exploit code easily. It is still available to anyone with basic internet search skills, and obviously to any motivated threat actor, who would have been actively exploiting this as soon as the CVE was released. GitHub has shut it down, which will stop rapid improvement of this PoC exploit via GitHub. Microsoft owns GitHub, and the Hafnium exploit code has now been taken down there, but it is important to understand that the code is still available on the internet.
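As an added example (this is not code from the original post, from Microsoft or from CISA), the following Python script performs the same check as the findstr one-liner above but parses the IIS W3C log format field by field, so it can report the timestamp, client IP, method and HTTP status of each matching request instead of only the raw line, and it walks a log directory the way findstr /S does. The embedded log lines are constructed sample data using RFC 5737 documentation addresses; the default log path and the field list are IIS defaults and are assumptions about the system being checked.

```python
"""Scan IIS W3C logs for requests carrying the ResetOABVirtualDirectory string.

Added illustrative example, not the original post's or any vendor's code.
The SAMPLE_LOG below is constructed; the IPs are RFC 5737 documentation
addresses and the field list is the IIS default (an assumption).
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, Iterator

INDICATOR = "ResetOABVirtualDirectory"

# Constructed sample in IIS W3C extended format (not a real capture).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2021-03-03 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2021-03-03 08:12:01 192.0.2.10 GET /owa/auth/logon.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 41
2021-03-03 08:12:44 192.0.2.10 POST /ecp/DDI/DDIService.svc/SetObject schema=ResetOABVirtualDirectory 443 - 203.0.113.5 Mozilla/5.0 - 200 0 0 1280
2021-03-03 08:13:02 192.0.2.10 GET /ecp/default.aspx - 443 CORP\\alice 198.51.100.7 Mozilla/5.0 - 200 0 0 17
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str  # "date time" from the log
    client_ip: str  # c-ip
    method: str     # cs-method
    uri_stem: str   # cs-uri-stem
    uri_query: str  # cs-uri-query
    status: str     # sc-status
    source: str     # file the line came from, or "<memory>"


def parse_w3c(lines: Iterable[str]) -> Iterator[dict[str, str]]:
    """Yield one dict per request, keyed by the names in the latest #Fields line.

    IIS writes a new #Fields header whenever logging restarts and the field
    set can change between headers, so the mapping is re-read each time.
    """
    fields: list[str] | None = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than guess
        yield dict(zip(fields, values))


def find_indicator(lines: Iterable[str], indicator: str = INDICATOR,
                   source: str = "<memory>") -> list[Hit]:
    """Return every request whose URI stem or query contains the indicator.

    The comparison is case-insensitive, like findstr /I.
    """
    needle = indicator.lower()
    hits: list[Hit] = []
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "")
        if needle in stem.lower() or needle in query.lower():
            hits.append(Hit(
                timestamp=f"{rec.get('date', '')} {rec.get('time', '')}".strip(),
                client_ip=rec.get("c-ip", ""),
                method=rec.get("cs-method", ""),
                uri_stem=stem,
                uri_query=query,
                status=rec.get("sc-status", ""),
                source=source,
            ))
    return hits


def scan_log_tree(root: str, indicator: str = INDICATOR) -> list[Hit]:
    """Walk a log directory like findstr /S, e.g. C:\\inetpub\\logs\\LogFiles."""
    hits: list[Hit] = []
    for path in sorted(Path(root).rglob("*.log")):
        with path.open(encoding="utf-8", errors="replace") as fh:
            hits.extend(find_indicator(fh, indicator, source=str(path)))
    return hits


def summarize(hits: list[Hit]) -> dict[str, int]:
    """Count hits per client IP, usually the first pivot during triage."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h.client_ip] = counts.get(h.client_ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_indicator(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h.timestamp} {h.client_ip} {h.method} {h.uri_stem}?{h.uri_query} -> {h.status}")
    print(summarize(found))
```

Run it against a real server with scan_log_tree(r"C:\inetpub\logs\LogFiles"), adjusting the path where the IIS log location has been changed. Because the script skips lines whose field count does not match the header instead of guessing, a partially written or rotated log does not produce false matches; any hit is then triaged by client IP and timestamp.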