Microsoft Exchange 0-day Vulnerability

 

On March 2, Microsoft released an emergency security update for Microsoft Exchange to remediate six vulnerabilities allowing remote code execution, four of which can bypass any authentication control.

The vulnerabilities were discovered by a cybersecurity company that was investigating an atypical volume of traffic on a customer’s Exchange server.

According to Microsoft, the vulnerabilities were exploited in 2021 by a single group working on behalf of the Chinese government, but now that they have been made public, they are expected to soon be exploited “in the wild”.

Kyos has already started the change process to apply the patches for all managed clients with on-premises Exchange servers. Furthermore, we are preparing a tool to search the Exchange log files for indications of attack or compromise.