Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

ACSC issues security alert following targeted attacks

Organisations have been urged to shore up their cyber defences following a slew of malicious cyber attacks on Microsoft Exchange systems.

user icon Charbel Kadib
Thu, 11 Mar 2021
ACSC issues security alert following targeted attacks
expand image

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has identified “extensive targeting” and compromises of Australian organisations with vulnerable Microsoft Exchange networks.

The ACSC noted that while it is assisting affected organisations with their incident response and remediation, a number of stakeholders are yet to address the issue.

Such organisations have been urged to patch the following common vulnerabilities and exposures (CVEs):

============
============
  • CVE-2021-26855 - server-side request forgery (SSRF) vulnerability in Exchange;
  • CVE-2021-26857 - insecure deserialisation vulnerability in the Unified Messaging service;
  • CVE-2021-26858 - post-authentication arbitrary file write vulnerability in Exchange; and
  • CVE-2021-27065 - post-authentication arbitrary file write vulnerability in Exchange.

According to Microsoft, the attacks would enable malicious actors to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system.

Microsoft has reported that it has observed instances where the attacker has uploaded web shells to maintain persistent access to compromise Exchange servers.

In response, Microsoft has released security patches for the following versions of Microsoft Exchange:

  • Microsoft Exchange Server 2013;
  • Microsoft Exchange Server 2016; and
  • Microsoft Exchange Server 2019.

Following the news, Assistant Minister for Defence Andrew Hastie commented, “Australian organisations cannot be complacent when it comes to cyber security, which is why all users of Microsoft Exchange are being urged to patch their vulnerable systems.

“The ACSC has identified a large number of Australian organisations yet to patch affected versions of Microsoft Exchange, leaving them exposed to cyber compromise.

“This can be done by implementing the necessary network security patches as soon as possible and then following the detection steps outlined by Microsoft.”

He added: “If organisations are unable to quickly deploy these patches, they should consider preventing internet access to the exchange web server.”

[Related: Leonardo to deliver cyber security courses in Australia]

Charbel Kadib

Charbel Kadib

News Editor – Defence and Security, Momentum Media

Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.