Microsoft Exchange Vulnerabilities – CISA’s Most Routinely Exploited Vulnerabilities
Microsoft Exchange Vulnerabilities
CISA’s annual list of the most routinely exploited vulnerabilities should serve as a warning to software developers everywhere. Targeting old flaws is still an effective attack vector, and it takes a lot less effort to create an exploit than it does to discover new zero-day vulnerabilities. The good news is that most flaws have publicly available exploit code. Here are some tips to keep your system secure. Once you’ve identified these issues, you can make necessary changes to your security posture.
One of the best ways to protect yourself against these threats is to patch your systems. In the year 2021, cybersecurity authorities published a list of the top 15 most commonly exploited vulnerabilities. The list of vulnerabilities includes flaws that were published as recently as February 2021, as well as those that were fixed in 2017. While some threat actors continue to target older, publicly disclosed software vulnerabilities, newer vulnerabilities are more likely to be exploited by attackers. Despite this, it’s imperative to patch existing software and systems.
One of the most widespread vulnerabilities is the ProxyLogon vulnerability, which affects Microsoft Exchange Server. Successful exploitation of this vulnerability allows an attacker to read arbitrary files on a compromised server. Similarly, CVE-2020-0688 affects Microsoft Exchange Servers. These vulnerabilities can be triggered by malicious actors using automated tools that identify unpatched servers. In many cases, an attacker will use the vulnerabilities in multiple products, including Exchange.
Microsoft Exchange Vulnerabilities – CISA’s Most Routinely Exploited Vulnerabilities
While this report highlights the most common CVEs, there are still a large number of routinely exploited vulnerabilities that are rarely publicly disclosed. CVE-2018-13379 is the worst of the lot, as it permits an attacker to execute arbitrary code on a vulnerable server. The vulnerability has been exploited by Russian and Chinese actors for months and years. CISA has already released mitigation advice for this flaw.
The ProxyLogon vulnerability affects Microsoft Exchange email servers. Successful exploitation of this flaw allows an unauthenticated attacker to execute code on the server and read email. In addition, it enables attackers to install malware inside enterprise networks. Microsoft’s Exchange Server has been vulnerable to attacks that leverage the ProxyLogon vulnerability, and these vulnerabilities have been weaponized as APTs. If you’re using Microsoft Exchange, the following tips can help protect your system.
In addition to being vulnerable to attacks, the vulnerability also affects BIG-IP systems. The vulnerability is in the BIG-IP Configuration Utility and allows both authenticated and unauthenticated users to execute arbitrary commands on the server. The vulnerability is only active in the control plane, but it can be used to exploit other systems if the systems are in Appliance mode. This vulnerability can be exploited by an attacker in an attempt to access the management interface of the appliance.
