Microsoft has released patches for the four zero-days exploited in the attacks (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), discovered during the subsequent investigation. These bugs were observed by Microsoft Threat Intelligence Center (MSTIC) since January 2021. The OS giant, said that Hafnium operators used the four Exchange zero-days as part of a multi-part attack chain to … Continue reading “Microsoft Exchange Server Remote Code Execution Vulnerabilities (4 zero days – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)”
Tag: CVE-2021-26855
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Overview Microsoft released out-of-band updates today that fix seven critical vulnerabilities in Microsoft Exchange Server. According to the Microsoft Security Response Center, four of these seven vulnerabilities are used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Description Today Microsoft releases several security updates for Microsoft Exchange Server to address … Continue reading “Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks”