Microsoft has officially released a second warning statement over the possibility of users being victimized by zero-day hackers.
In the new warning, all users are advised to install the new Microsoft security patches immediately to stop the hackers from getting into their systems. Here’s what you should do to avoid being hacked.
Zero-day hackers: what are they?
On Tuesday, March 2, Microsoft released a statement warning all of its users to download the company’s latest security patches.
These updates protect users from unknown hackers who are actively exploiting four zero-day vulnerabilities in Exchange Server.
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Microsoft Corporate Vice President of Customer Security & Trust Tom Burt wrote in a post published Tuesday afternoon. “Promptly applying today’s patches is the best protection against this attack.”
A zero-day vulnerability is a software flaw that attackers are exploiting before a fix is available, letting them compromise programs and data without the users’ knowledge.
Most victims of this sophisticated exploitation were Chrome and Windows users.
Microsoft said in the report that hackers allegedly working on behalf of the Chinese government have been using the previously unknown exploits to break into on-premises Exchange Server software that is otherwise fully patched.
So far, Hafnium, as Microsoft is calling the hackers, is the only group it has seen exploiting the vulnerabilities, but the company said that could change.
Chinese hackers, stealing info from US
Aside from claiming that China was behind the zero-day exploitation, Microsoft also said that the supposedly Chinese hackers were stealing information, mainly for the purpose of spying on the United States government.
The report says China was interested in obtaining data from US-based infectious disease researchers, law firms, higher-education institutions, defense contractors, policy think tanks, and nongovernmental organizations.
“This is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society; other activity we disclosed has targeted healthcare organizations fighting Covid-19, political campaigns and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences,” said Microsoft.
Four major Microsoft zero-day vulnerabilities
The zero-days are present in Microsoft Exchange Server 2013, 2016, and 2019. The four vulnerabilities are, as reported by Ars Technica:
- CVE-2021-26855, a server-side request forgery (SSRF) vulnerability that allowed the attackers to send arbitrary HTTP requests and authenticate as the Exchange server.
- CVE-2021-26857, an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
- CVE-2021-26858, a post-authentication arbitrary file write vulnerability. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.
- CVE-2021-27065, a post-authentication arbitrary file write vulnerability. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.
To update your Microsoft security patches, go here.