However, unlike SolarWinds, this was not a supply chain attack. ![]() ![]() Just like SolarWinds, this attack is suspected to have been originally carried out as targeted long-term espionage activity by Advanced Persistent Threats (APTs) with considerable resources at their disposal. That said, deployments will remain vulnerable until the April update is applied. The vulnerabilities have been fixed (the fixes are available in the Microsoft April 2021 Security Update), and at the end of March, Microsoft declared that 92% of all deployments have been patched against the attack. Hot on the heels of the SolarWinds hack, hundreds of thousands of organizations were hacked between January 2021 and March 2021 through at least four (possibly seven!) different zero-day vulnerabilities in the Microsoft Exchange e-mail server software. Everyone talked about the attacks on Microsoft Exchange servers, but what about the vulnerabilities that enabled them?
0 Comments
Leave a Reply. |