Microsoft is warning users to apply a patch it's releasing today for four zero-day vulns found in Exchange email servers - the vulns are being actively exploited by a threat group believed to be from China. Details in this thread (and here after 2pm): microsoft.com/security/blog/…
"We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected."

The vulns are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, all of which are addressed in today's updates for Exchange Server.
The vulns affect Microsoft Exchange Server. Exchange Online is NOT affected.

Versions affected are: Microsoft Exchange Server 2013, 2016 and 2019.

Microsoft Exchange Server 2010 is being updated for Defense in Depth purposes.
Microsoft says it's making the links available now instead of waiting until 2pm. I'll tweet them as soon as they're live.
This image has IoC info to catch exploitation activity that may currently be happening. Microsoft said it had already briefed government customers.
More IoCs
Ok, Microsoft has made all of the links live now so I'll stop posting IoCs. You can find everything here:

microsoft.com/security/blog/…

msrc-blog.microsoft.com/2021/03/02/mul…

blogs.microsoft.com/on-the-issues/…
Volexity has a post about how it discovered the active exploitation of the 4 zero-day vulns Microsoft is patching today. "These attacks appear to have started as early as January 6, 2021." volexity.com/blog/2021/03/0…
"attacker was exploiting a zero-day server-side request forgery vuln in...Exchange...to steal the full contents of several user mailboxes. This vuln...does not require authentication of any kind...attacker only needs to know the server running Exchange and the [email] account"

Thread by Kim Zetter (@KimZetter)