Mumbai: Microsoft has patched four zero-day vulnerabilities in its Exchange Server mail software that a Chinese hacking group had recently exploited.
This comes a day after Microsoft named a Chinese hacking group, Hafnium, as the actor behind the intrusions into its Exchange Server software, according to media reports.
Microsoft said that a China-based hacking group known as Hafnium has been remotely breaking into email inboxes using newly discovered flaws in its mail server software.
According to a Microsoft blog post, this state-sponsored group made use of previously undetected vulnerabilities in several versions of Microsoft Exchange Server.
Since the incident hit the media headlines, researchers within Microsoft and elsewhere have pointed out that widely used software remains an easy target for attackers.
And once again zero-day vulnerabilities have become the central point of discussion among cybersecurity experts.
One side of this cyberespionage campaign is the exploited software flaws; the other is the impact of the attack and its targets.
Microsoft's decision to patch these flaws out-of-band, that is, outside its regular monthly update cycle, rather than include them in next week's Patch Tuesday release has raised some questions.
“It leads us to believe the flaws are quite severe even if we don’t know the full scope of those attacks,” said Tenable’s Staff Research Engineer Satnam Narang.
Hafnium, according to Microsoft, primarily targets entities within the United States. Other researchers believe that different threat actors are also exploiting these vulnerabilities and targeting other regions.
“Based on what we know so far, exploitation of one of the four vulnerabilities requires no authentication whatsoever, and can be used to potentially download messages from a targeted user’s mailbox,” Narang said.
“The other vulnerabilities can be chained together by a determined threat actor to facilitate a further compromise of the targeted organisation’s network,” he added.
“We expect other threat actors to begin leveraging these vulnerabilities in the coming days and weeks, which is why it is critically important for organisations that use Exchange Server to apply these patches immediately,” concluded Narang.
Charles Carmakal, SVP and CTO of FireEye Mandiant, has stated that it is important for organisations to check whether they have been compromised, in addition to patching.
“FireEye has observed these vulnerabilities being exploited in the wild and we are actively working with several impacted organisations,” said Carmakal.
“In addition to patching as soon as possible, we recommend organisations also review their systems for evidence of exploitation that may have occurred prior to the deployment of the patches,” he noted.