Dear readers,

Here is yet another reminder to constantly be vigilant when it comes
to cybersecurity. The New York State Department of Financial Services
(NYSDFS) issued an industry letter to its regulated entities following a
discovery of cybersecurity vulnerabilities in Microsoft Exchange Server.

The industry letter states, “In recent days, thousands of organizations
were compromised via zero-day vulnerabilities in Microsoft Exchange
Server. On March 2, 2021, Microsoft made patches available for these
vulnerabilities but many organizations were compromised either before
the patches were available or before the patches were applied.”

The four vulnerabilities were discovered in Microsoft Exchange Server
versions from 2013 and later, and appear to affect organizations that
host web versions of Microsoft’s email program on their own machines
instead of with cloud providers. That day, Microsoft also released
several security updates for vulnerabilities affecting the on-premises
versions of Microsoft Exchange Server.

NYSDFS urged regulated entities with vulnerable Microsoft Exchange
services to patch or disconnect vulnerable servers. It also urged them
to use tools provided by Microsoft to identify and remediate any
compromise exploiting the zero-day vulnerabilities.
It noted that the U.S. Department of Homeland Security Cybersecurity
and Infrastructure Security Agency (CISA) issued Emergency Directive
21-02, which recommended immediately patching the vulnerabilities and
preserving forensic evidence of the cyber event.

“CISA reported that the threat actors deployed web shells on the
compromised servers to establish persistent access to the victims’
network,” the letter stated. “Web shells can allow attackers to steal data
and perform additional malicious actions. Installing the patches alone
will not remove malicious web shells that were deployed before patching.”

We’ll continue to keep you updated on the latest threats to your network
security.

Until next time, stay legal.
Andrea Golby
Editor, The Legal Description
agolby@octoberresearch.com