MSFT Exchange Excitement: Another Jolt of Info

March 30, 2021

I read “Exchange Server Attacks: Microsoft Shares Intelligence on Post-Compromise Activities.” Interesting. Weeks, maybe longer, have passed since what one of my analysts described as another digital Chernobyl, without much substantive information.

This “real” news story reports:

Microsoft is raising an alarm over potential follow-on attacks targeting already compromised Exchange servers, especially if the attackers used web shell scripts to gain persistence on the server, or where the attacker stole credentials during earlier attacks.

Interesting. A massive attack which may have distributed malware, possibly as yet undetected, poses a risk. That’s good to know.

This statement attributed to Microsoft is intriguing as well:

In a new blog post, Microsoft reiterated its warning that “patching a system does not necessarily remove the access of the attacker”.

Does this mean that Microsoft’s remediation is not fixing the “problem”? What sorts of malware could be lurking? Microsoft provides some measured answers to this particular question in “Analyzing Attacks Taking Advantage of the Exchange Server Vulnerabilities.”

But the problem is that Microsoft’s foundational software build and deploy business process seems to be insecure.

Dribs and dabs of the consequences of a major security breach are PR and hand waving, not actions which I craved.

Stephen E Arnold, March 30, 2021

Comments

One Response to “MSFT Exchange Excitement: Another Jolt of Info”

  1. Microsoft and Security: Bondo, Lead, or Duct Tape? : Stephen E. Arnold @ Beyond Search on May 17th, 2021 5:15 am

    […] round of updates will not fix all of Exchange’s vulnerabilities, but we may be getting closer to some semblance of security. The Register reports, […]
