Saturday 6 March 2021

Recent Exchange Vulnerabilities (ProxyLogon or CVE-2021-27065)

15:39 Posted by G

I'm not one to really jump on the bandwagon about current cyber vulnerabilities, but this one is noteworthy for a couple of reasons: firstly, the scale of impact (Shodan says about 260k vulnerable machines), but more importantly, Microsoft right out of the gate pointed the finger at China, suggesting this was a state attack.

While the SolarWinds event looks like it may have been Russia, it looks primarily like a state-on-state attack: most victims were either US government or in a close working relationship with it. This appears to be China, and this appears to be state on private company. Some reports are of honeypots being compromised, which is very uncommon (outside of WannaCry).

I've posted 3 articles on LinkedIn, so won't rewrite them here, but if you're interested:

  1. Background - Link
  2. Tools to check if vulnerable and check for indicators of compromise (IoCs) - Link
  3. Update with info on size of the attack - Link