Threat Source

The four zero-day vulnerabilities in the Microsoft Exchange Server are dynamically oppressed by the threat groups which are sponsored by the states and others for deploying the backdoors and also the malware in the widespread attacks. The Microsoft is said that actual attacks by using the flaws of the zero-day have been outlined back to the Hafnium. The Hafnium is the APT or advanced persistent threat group that is sponsored by the state from China which is defined by company as the actor who are highly skilled and also sophisticated. 

Threat Event

In the update on 5th March, the Microsoft said that the company is continued for seeing bigger usage of all these above stated vulnerabilities in the attacks which are targeting the unpatched systems by numerous actors which are malicious beyond the Hafnium.

Vulnerability Exploited

The critical vulnerabilities which are called together as the ProxyLogon, which is impacted on-premise the Exchange Server 2013, the Exchange Server 2016, and also the Exchange Server 2019. Though, the Exchange Online is unaffected by this. The vulnerabilities are CVE-2021-26855: CVSS 9.1, CVE-2021-26857: CVSS 7.8, CVE-2021-26858: CVSS 7.8 and CVE-2021-27065: CVSS 7.8.

Technical And Business Impact

While in not believed to connect to Microsoft Exchange Server cyber attack that has impacted the projected 18,000 organizations worldwide, there is worry that the lags in covering vulnerable servers can have the same impact or worse on the businesses. The four zero-day vulnerabilities in the Microsoft Exchange Server are actively oppressed by the threat groups which are sponsored by the states and others for deploying the backdoors and also the malware in the widespread attacks.