Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Microsoft

Attacks Leveraging Microsoft Exchange Vulnerabilities 'Have Escalated', Doubling Every Three Hours (cnn.com) 43

Attacks that leverage Microsoft Exchange vulnerabilities "have escalated," warns CNN. They cite a senior White House official saying the window for updating exposed servers is incredibly short -- "measured in hours, not days." On Thursday, Microsoft and security researchers warned that the vulnerabilities are now being combined with another potent cybersecurity threat: ransomware, which locks up a computer or a network's files and holds them hostage until the victim pays a fee. "We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers," Microsoft said in a tweet.

Security experts at Palo Alto Networks estimated Thursday that at least 20,000 US-based Exchange servers remain unpatched and vulnerable to exploitation, and as many as 80,000 around the globe.

Other security researchers say the pace of attacks against Exchange servers is rising as opportunistic hackers seek to take advantage of the opening found by Hafnium, the group Microsoft has said is responsible for the original breaches and is "assessed to be state-sponsored and operating out of China." The number of attempted attacks against organizations has been doubling every two to three hours, according to Check Point Research, which monitors the internet for malicious activity.

This discussion has been archived. No new comments can be posted.

Attacks Leveraging Microsoft Exchange Vulnerabilities 'Have Escalated', Doubling Every Three Hours

Comments Filter:
  • by SuperKendall ( 25149 ) on Saturday March 13, 2021 @12:37PM (#61154264)

    Attacks that leverage Microsoft Exchange vulnerabilities "have escalated," warns CNN. They cite a senior White House official saying the window for updating exposed servers is incredibly short -- "measured in hours, not days."

    Why are we hearing this from a "senior White House official" and not Microsoft?

    And why is this from CNN?

    Very odd.

    • by quonset ( 4839537 ) on Saturday March 13, 2021 @12:52PM (#61154316)

      Why are we hearing this from a "senior White House official" and not Microsoft?

      Because Microsoft is trying to limit the damage to themselves.

      And why is this from CNN?

      Because CNN is a news organization. Their job is to provide information about issues which people may be interested in or affects them in some way.

      • Just had to get that joke off my chest, but I guess it's also a minor criticism of the FP question. Yes, it is a legitimate question, but I'm doubting it's the best way to have started the discussion.

        My primary question is "Is there a threat to users of email who are limited to outlook.com email?" I'm almost certain that Microsoft eats their own dog food and uses Exchange servers in house, but I can think of various reasons that outlook.com might not use them.

        My secondary question is "Can this vulnerability

        • by shanen ( 462549 )

          Okay, back again, and able to confirm that the linked story does not mention outlook.com at all. Also, I'm the only one to mention outlook.com so far in this discussion, but I'll check back later, though mostly for the witty jokes that rarely appear these days. (But obviously need to check on some websites with more technical and security sophistication than CNN.) Still don't know what was bugging Firefox (again). Now what about that mysterious Printer driver update from Microsoft that keeps rebooting my co

          • I don't have the link handy, but when this was first reported a few days ago, it was mentioned that M$' own services (outlook.com, O365, etc.) were supposedly patched before the vuln was publicly announced.

            This is hearsay, and poorly remembered hearsay at that. YMMV.

    • I suppose perhaps it's a measure of the seriousness of the attack. A very large number of businesses use Exchange, and as a consequence, a lot of people are being affected by this. Previously, there have been worms and malware that made the general news as well, ILOVEYOU, MyDoom, Zeus, Code Red... basically, anything that affected a lot of people / businesses, or had some unusual aspect, like StuxNet.

      I think the White House and CNN are involved because there's a need to get the word out to as many people

    • CISA, the U.S. government Cybersecurity and Infrastructure Security Agency, has an article:
      Remediating Microsoft Exchange Vulnerabilities [cisa.gov].

      It seems to me that Microsoft is not managed well. There are MANY articles about that:

      Windows 10 is possibly the worst spyware ever made. [networkworld.com]
      Quoting: "Buried in the service agreement is permission to poke through everything on your PC."

      Windows 10 problems are ruining Microsoft's reputation -- and the damage can't be understated. [techradar.com] (Sept. 28, 2019)

      Criticism of [wikipedia.org]
    • by gweihir ( 88907 )

      The Microscrewups are hiding and hoping this will blow over, like so much of the damage they have done.

      • by shanen ( 462549 )

        Mod parent up, though it's not the biggest insight of the day.

        I actually think the EULA may be the largest innovation that can be attributed to Microsoft--but even that EULA is just a refinement of other people's ideas. The key notion is that no matter how badly Microsoft screwed up and no matter how much damage was (and is) caused by Microsoft's incompetence or negligence no one can legally touch Microsoft. (The #2 innovation was selling upstream rather than to end users.)

        If Microsoft had ANY residual frac

        • by gweihir ( 88907 )

          Mod parent up, though it's not the biggest insight of the day.

          Indeed it is not. It is so blatantly obvious that using MS crap on servers is a bad idea, it should automatically count as gross negligence.

          • Indeed it is not. It is so blatantly obvious that using MS crap on servers is a bad idea, it should automatically count as gross negligence.

            What a wonderful world that would be...

    • by Ol Olsoc ( 1175323 ) on Saturday March 13, 2021 @03:11PM (#61154740)

      Attacks that leverage Microsoft Exchange vulnerabilities "have escalated," warns CNN. They cite a senior White House official saying the window for updating exposed servers is incredibly short -- "measured in hours, not days."

      Why are we hearing this from a "senior White House official" and not Microsoft?

      And why is this from CNN?

      Very odd.

      I suppose you could wait until Fox News reports it so you know it's true.

    • There are a few reasons.

      1. Signs point to this attack being launched and leveraged by nation state actor. I.e. It's State sponsored cyberwarfare. That's why the White House is involved.

      2. It's weird for the White House to speak about a cybersecurity issue. CNN is reporting on it because it's weird and widespread. I recall similar reporting for e.g. Code Red, Nimda, and Slammer*.

      * I just realized that was 18 years ago. Holy crap I'm old.

      Back to the topic at hand, Microsoft's official guidance is to pat

  • In a couple days, every Exchange server in the world will be hosed.

    So, good news.

    • by gweihir ( 88907 )

      In a couple days, every Exchange server in the world will be hosed.

      So, good news.

      Indeed. Maybe a few more people will wake up to what MS really is.

    • by shanen ( 462549 )

      I'd give you the Funny mod if I could.

      And I am SOOO glad not to be using any Notes email these days and I would file it under "good news" if I heard that the last Notes email servers had been extinguished.

      But I still want to know if this affects me. The only link I might have is via outlook.com, though I barely use it. Basically pushed that way by Microsoft for their own convenience, though I responded by renaming that user "Awk Q Punt" some years ago. But Mr Punt may not be so easily amused if that account

      • I'd give you the Funny mod if I could.

        And I am SOOO glad not to be using any Notes email these days and I would file it under "good news" if I heard that the last Notes email servers had been extinguished.

        But I still want to know if this affects me. The only link I might have is via outlook.com, though I barely use it. Basically pushed that way by Microsoft for their own convenience, though I responded by renaming that user "Awk Q Punt" some years ago. But Mr Punt may not be so easily amused if that account is actually running on an Exchange server at the other end...

        I remember a time when I had multiple Notes accounts, Multiple self hosted Exchange accounts and multiple unix mail accounts. It wasn't good.

        I think this applies more to people hosting their own Exchange servers (with little or no IT support, or knowedge) and outlook.com may be getting hammered by attempts, but I would hope they have some good security, because if outlook.com becomes compromised, it would be very, very bad for Microsoft.

      • My understanding is that users of Microsoft's cloud services O365 and Outlook.com, are not effected.

        It's a vulnerability in Exchange.

        • by shanen ( 462549 )

          My concern was with indirect effects, but that would depend on such questions as (1) Is outlook.com using Exchange servers on the other end? and (2) Is Microsoft able to protect its own Exchange servers? However, I can think of several ways that we could be affected, for example by having our personal information breached on the server side or by receiving phishing spam from unprotected servers.

          Funny coincidence time: Just reading a not-so-old book about computer security that praises Microsoft's security e

  • ... compromise of unpatched on-premises Exchange Servers ...

    Is this circus just an ad to scare companies into Exchange/Office SaaS?

    • by gweihir ( 88907 )

      While plausible, MS is fundamentally incompetent. They could not pull off something like this.

  • Makes companies aware they have had hackers In their environment.
    Might actually be the lesser evil compared to a long time exploit.

    • Makes companies aware they have had hackers In their environment. Might actually be the lesser evil compared to a long time exploit.

      This might possibly be the stupidest comment I've ever read on Slashdot.

  • ... get hacked. What else is new. Only the terminally stupid put Microsoft on anything even remotely resembling a server.

  • See, guess you now wish you stayed with Lotus Notes.
  • Everyone with even half a brain always knew that Microsoft Exchange Server was manifestly unfit for connection to the Internet. In fact, everything created by Microsoft is manifestly unfit for connection to the Internet. Microsoft products require one to take extreme measures to provide security external to the products themselves, and this has always been the case.

    It would appear that there are a lot of maroons who have forgotten that simple premise.

If all else fails, lower your standards.

Working...