The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warns US (US) government agencies about Microsoft Exchange vulnerabilities. This is after Microsoft warned customers that Chinese state hackers were trying to exploit vulnerabilities to read them in email traffic.
In a blog post, Microsoft announced that attackers had accessed customer’s Microsoft Exchange Server servers via zero-day leaks. The attacks are said to be the work of state hackers operating from China. The US CISA wrote that the partners discovered active exploitation of these vulnerabilities in local versions of Microsoft Exchange. If these vulnerabilities are successfully exploited, the attacker could gain access to the on-premises Exchange servers, allowing them to gain permanent access to the system and control the corporate network.
Therefore CISA calls on government agencies to take action. For example, organizations should investigate whether there are indications that they were indeed the target of an attack in which the vulnerabilities were exploited. They also have to install patches Microsoft has already released in order to close the security vulnerabilities.
