• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Urgently Patch Microsoft Exchange Servers

You are here: Home / Security News / Urgently Patch Microsoft Exchange Servers

It has recently been revealed that several zero-day flaws in Microsoft Exchange server email software are being exploited by a previously undetected Chinese hacking group labelled Hafnium. Not only are they stealing email contents, but also leaving behind “back doors” – or covert channels to enable remote access to a core network. Reports indicate that between 30,000 and 60,000 organisations worldwide have been infiltrated, including approximately 7,000 in Australia.

The Australian Cyber Security Centre (ACSC), part of the Australian Signals Directorate primarily responsible for securing military communications, has issued a “high alert”, urging organisations to patch their Exchange email servers as soon as possible, as Australian organisations are being specifically targeted by the attackers.

The attack leverages previously undiscovered vulnerabilities in Exchange Server Outlook Web Access.

Exchange server Twitter post
Image Source: Krebs on Security

The ACSC website summarises the severity and potential consequences of the vulnerability and subsequent exploitation.

“Microsoft has identified that if successfully exploited, these CVEs together would allow an unauthenticated attacker to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system. Microsoft has observed instances where the attacker has uploaded web shells to maintain persistent access to compromise Exchange servers.”

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises organisations using Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):

  • CVE-2021-26855– server-side request forgery (SSRF) vulnerability in Exchange.
  • CVE-2021-26857– insecure deserialization vulnerability in the Unified Messaging service.
  • CVE-2021-26858– post-authentication arbitrary file write vulnerability in Exchange.
  • CVE-2021-27065– post-authentication arbitrary file write vulnerability in Exchange

Microsoft has released security patches for the following versions of Microsoft Exchange:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

The ACSC also advises Microsoft has taken the unusual step of releasing a patch for the out of support Exchange Server 2010 (service pack 3).

The ACSC is monitoring the situation and is able to provide assistance and advice as required. If your organisation has been affected, please contact us for assistance.

Author: David Steele, Agilient Consultant

Tweet
Share

Security News ACSC,  ASD,  Australian Cyber Security Centre,  cyber attack,  cybersecurity,  hacker,  Hafnium,  Microsoft Exchange,  The Australian Signals Directorate

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2021 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692