Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.
Update March 8, 2021: The Identifying Affected Systems section has been updated with information about the availability of additional plugins as well as a link to our blog post that details them.
On March 2, Microsoft published out-of-band advisories to address four zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. In a blog post, Microsoft attributes the exploitation of these flaws to a state-sponsored group it calls HAFNIUM. The group has historically targeted U.S.-based institutions, which include “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs,” according to the Microsoft blog. Researchers at Volexity also published a blog post about this attack, referring to it as Operation Exchange Marauder.
The vulnerabilities affect the on-premises version of Microsoft Exchange Server. Microsoft Exchange Online is not affected by these vulnerabilities.
Analysis
CVE-2021-26855 is a SSRF vulnerability in Microsoft Exchange Server. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted HTTP request to a vulnerable Exchange Server. In order to exploit this flaw, Microsoft says the vulnerable Exchange Server would need to be able to accept untrusted connections over port 443. Successful exploitation of this flaw would allow the attacker to authenticate to the Exchange Server.
Volexity, one of three groups credited with discovering CVE-2021-26855, explained in its blog post that it observed an attacker leverage this vulnerability to “steal the full contents of several user mailboxes.” All that is required for an attacker to exploit the flaw is to know the IP address or fully qualified domain name (FQDN) of an Exchange Server and the email account they wish to target.
CVE-2021-26857 is an insecure deserialization vulnerability in Microsoft Exchange. Specifically, the flaw resides in the Exchange Unified Messaging Service, which enables voice mail functionality in addition to other features.