
Microsoft Exchange Vulnerabilities


The following information is taken from this link from the Cybersecurity & Infrastructure Security Agency (CISA).

Summary

Note: This Alert was updated March 5, 2021 to provide further guidance. 

Cybersecurity and Infrastructure Security Agency (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services.

This Alert includes both tactics, techniques, and procedures (TTPs) and the indicators of compromise (IOCs) associated with this malicious activity. To secure against this threat, CISA recommends organizations examine their systems for the TTPs and use the IOCs to detect any malicious activity. If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert.

The article has a list of well-known malicious IP addresses to look out for. I have added this list to our blacklist to prevent any attempts from these bad actors.

ip route 103.77.192.219 255.255.255.255 Null0
ip route 104.140.114.110 255.255.255.255 Null0
ip route 104.250.191.110 255.255.255.255 Null0
ip route 108.61.246.56 255.255.255.255 Null0
ip route 149.28.14.163 255.255.255.255 Null0
ip route 157.230.221.198 255.255.255.255 Null0
ip route 185.250.151.72 255.255.255.255 Null0
ip route 192.81.208.169 255.255.255.255 Null0
ip route 203.160.69.66 255.255.255.255 Null0
ip route 211.56.98.146 255.255.255.255 Null0
ip route 5.254.43.18 255.255.255.255 Null0
ip route 5.2.69.14 255.255.255.255 Null0
ip route 80.92.205.81 255.255.255.255 Null0
ip route 91.192.103.43 255.255.255.255 Null0
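Null-routing these addresses stops future connections but says nothing about traffic that already reached the server, and the Alert's advice is to check systems against the IOCs. As an added example (not part of the original post or of CISA's material), the following Python script scans IIS W3C-format web logs for client addresses in the same list; the log lines are constructed for the example.

```python
import ipaddress

# IP indicators taken from the blog post's null-route list (CISA alert).
IOC_IPS = {
    "103.77.192.219", "104.140.114.110", "104.250.191.110", "108.61.246.56",
    "149.28.14.163", "157.230.221.198", "185.250.151.72", "192.81.208.169",
    "203.160.69.66", "211.56.98.146", "5.254.43.18", "5.2.69.14",
    "80.92.205.81", "91.192.103.43",
}

# Constructed sample in IIS W3C format (fields as declared in the #Fields line).
# These lines are made up for the example; they are not real log data.
# Behind a load balancer c-ip shows the balancer, so log and check X-Forwarded-For too.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2021-03-03 10:15:01 10.0.0.25 GET /owa/ 200
2021-03-03 10:15:07 5.2.69.14 POST /ecp/ 200
2021-03-03 10:16:44 203.160.69.66 GET /owa/auth/logon.aspx 200
2021-03-03 10:17:02 192.168.1.9 GET /ews/exchange.asmx 401
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split()))

def find_ioc_hits(text, iocs=IOC_IPS):
    """Return the log records whose client IP (c-ip) is in the indicator set."""
    hits = []
    for rec in parse_w3c(text):
        try:
            ip = str(ipaddress.ip_address(rec.get("c-ip", "")))
        except ValueError:
            continue  # skip malformed addresses instead of aborting the scan
        if ip in iocs:
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for h in find_ioc_hits(SAMPLE_LOG):
        print(h["date"], h["time"], h["c-ip"], h["cs-method"], h["cs-uri-stem"])
```

Any hit is a reason to treat the server as compromised and move to incident response rather than only patching, as the Alert says.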

Author

Jose Laboy
