Organizations that have still not addressed the Microsoft Exchange vulnerabilities from May 2021 and the PetitPotam vulnerability from July 2021 could find themselves victim to recent exploitation activity, including the deployment of ransomware. This past weekend, the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert warning Microsoft Exchange users to patch servers against actively exploited ProxyShell vulnerabilities. The ProxyShell vulnerabilities currently being manipulated by threat actors include: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. According to the alert, “CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.” These vulnerabilities are still being actively exploited by numerous threat actors on unpatched systems. Specifically, threat actors have recently been observed using the ProxyShell and Windows PetitPotam vulnerabilities to gain network access and then deploy LockFile ransomware. WaterISAC urges members to immediately apply the security patches to any potentially affected system. For additional information and mitigations, visit The Record and CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!