CISA emergency directive urges agencies to fix Microsoft Exchange zero-days

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive related to recently fixed Microsoft Exchange zero-days. 

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange.

This week Microsoft released emergency out-of-band security updates that address four actively exploited zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) affecting all supported on-premises Exchange versions.

The IT giant reported that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers, read email accounts, and install backdoors to maintain access to victim environments.

The US CISA released the emergency directive, titled “Mitigate Microsoft Exchange On-Premises Product Vulnerabilities,” ordering federal agencies to urgently update or disconnect their on-premises MS Exchange installations.

“CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network,” reads the advisory published by US CISA.

“CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.”

CISA urges agencies that have the expertise to collect forensic triage artifacts and determine whether there is any anomalous behavior or indication of compromise.

If an agency detects indicators of compromise (IoCs), it must immediately disconnect its on-premises MS Exchange servers and start a deeper investigation with the help of CISA experts.

If there are no indicators of compromise (IoCs), the agency must immediately install the available security patches on its MS Exchange installations.

“This Emergency Directive remains in effect until all agencies operating Microsoft Exchange servers have applied the available patch or the Directive is terminated through other appropriate action,” the directive concludes.


Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

The post CISA emergency directive urges to fix Microsoft Exchange zero-days appeared first on Security Affairs.
