Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. As organizations recover from this incident, we continue to publish guidance and share threat intelligence to help detect and evict threat actors from affected environments.

The post Analyzing attacks taking advantage of the Exchange Server vulnerabilities appeared first on Microsoft Security.

Read More Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. We have taken this additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update.

The post Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus appeared first on Microsoft Security.

Read More Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

Google has demonstrated exploiting the Spectre CPU attack remotely over the web:

Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We have developed an interactive demonstration of the attack available at https://leaky.page/ ; the code and a more detailed writeup are published on Github …

Read More Exploiting Spectre Over the Internet

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline:

The timeline basically seems to be, according to Check Point:

  • 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control. This allows someone with a foothold on a machine to commandeer the whole box.
Read More Chinese Hackers Stole an NSA Windows Exploit in 2014

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article:

Soon after they were spotted, the researchers saw one exploit being used in the wild. Microsoft issued a patch and fixed the flaw, sort of. In September 2019, another similar vulnerability was found being exploited by the same hacking group.

More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued multiple security updates: some failed to actually fix the vulnerability being targeted, while others required only slight changes that required just a line or two to change in the hacker’s code to make the exploit work again…

Read More On Vulnerability-Adjacent Vulnerabilities