Unpatched Exchange Server Sends Phishing Emails That Look Legitimate

Certitude has a story that shows what happens when you decide, for one reason or another, not to update your Exchange server.

Apparently somebody did not update the Exchange server (which runs the email for the company). When a system is not updated, it becomes exposed to various known vulnerabilities.

From the story:

The IIS logs showed that special crafted server-side request forgery (SSRF) requests were used to exploit CVE-2021-26855, directed at the Exchange Web Services API endpoint. This allowed the attacker to perform unauthorized actions on behalf of legitimate users.
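The story says the evidence was in the IIS logs: SSRF requests aimed at the Exchange Web Services endpoint. As an added example (not code from the Certitude write-up), the script below parses a constructed IIS W3C log excerpt and flags EWS requests that got a 2xx answer with no authenticated user; the heuristic that a normal EWS client always authenticates is an assumption, not something the story states.

```python
"""Flag requests to the Exchange Web Services endpoint that IIS answered
successfully without an authenticated user (added detection example)."""
from collections import Counter

# Constructed sample of an IIS W3C log; not taken from the Certitude story.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-02 08:14:01 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.9 Mozilla/5.0 302
2021-03-02 08:15:22 10.0.0.5 POST /ews/Exchange.asmx - 443 CORP\\alice 198.51.100.7 Outlook/16.0 200
2021-03-02 08:16:40 10.0.0.5 POST /ews/Exchange.asmx - 443 - 203.0.113.9 python-requests/2.25 200
2021-03-02 08:16:41 10.0.0.5 POST /ews/Exchange.asmx - 443 - 203.0.113.9 python-requests/2.25 200
2021-03-02 08:17:05 10.0.0.5 GET /ews/Exchange.asmx - 443 - 198.51.100.7 Outlook/16.0 401
"""


def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def scan_iis_log(text):
    """Return records where EWS replied 2xx to a caller with no cs-username.
    Heuristic (assumption): a legitimate EWS client authenticates, so a
    successful anonymous call to /ews/ deserves an analyst's attention."""
    hits = []
    for rec in parse_w3c(text):
        if (rec["cs-uri-stem"].lower().startswith("/ews/")
                and rec["cs-username"] == "-"
                and rec["sc-status"].startswith("2")):
            hits.append(rec)
    return hits


def hits_by_source(text):
    """Count flagged records per client IP so triage can start with the noisiest source."""
    return Counter(rec["c-ip"] for rec in scan_iis_log(text))


if __name__ == "__main__":
    for ip, n in hits_by_source(SAMPLE_LOG).items():
        print(f"{ip}: {n} anonymous EWS request(s) answered 2xx")
```

Point it at a real log and a tuned allow-list of known-good sources; a 401 or an authenticated call is ignored, so the output is a short triage list rather than the whole EWS traffic.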

I have discussed this before (the patch cycle) and what happens at each step.

It is time to refresh that image, so here it is again to give you a better idea of what it is all about.

[Image: patch cycle timeline, Day 1 to Day 75]

Just to review:

1. Day 1 is when someone, whether a researcher, a nation-state, or another hacker (good or bad, anyone can find problems), finds an issue with software. Sometimes it is a researcher working with the software or hardware company (like when Intel found the Meltdown or Spectre vulnerability in their processors).

2. Day 30 is when the researcher discloses the problem to the public. At this point a clock starts ticking, as the software or hardware company is now feverishly trying to create the fix. It is also at this time that the hackers are trying to exploit the vulnerability ("how can we monetize the issue?" says the hacker).

3. Day 45 is when the anti-virus (AV) companies have built a minimum level of protection to detect possible hacker attacks. Some AV products can catch some of the attacks coming in, but the hackers can keep modifying their code, making this a game of whack-a-mole.

4. Day 60 is when the patch is released by the software/hardware vendor. At this point in time the hackers are actively exploiting your systems.

5. Day 75 is when your IT team finally installs the update (patch), and now you are safe.

As you can see, between Day 30 and Day 75 there is a lot of time during which you can be hacked, and a lot can happen.

And so the Exchange server in the Certitude blog post is one of those cases where the server was not updated by the IT department, for whatever reason.

It is best to work out a patching strategy with your IT department, one that still gets patches installed when personnel are on vacation or otherwise occupied.

EOL is the same issue: End Of Life of software means one has to update or upgrade the software.

Contact me or buy the book to get started on fixing cybersecurity for good.
