Israel cyber authority warns users about Microsoft hack vulnerability

Microsoft has defined the vulnerabilities as "grave and easily exploitable."

File photo of a Microsoft logo on an office building in New York (photo credit: MIKE SEGAR / REUTERS)
File photo of a Microsoft logo on an office building in New York
(photo credit: MIKE SEGAR / REUTERS)
About half a day after Microsoft warned its users in English about its widely used exchange email program being hacked by a Chinese-sponsored outfit, Israel’s Cyber Authority on Wednesday warned Microsoft email users to immediately patch the vulnerability.
Microsoft’s announcement that it had suffered a massive hack came late Tuesday – with it naming the group Hafnium as trying to take advantage of previously unknown security weaknesses in the email application Exchange Server – only 10 weeks after a major hack of the US provider SolarWinds by Russian hackers.
The Israel National Cyber Directorate emphasized that Microsoft has defined the vulnerabilities as “grave and easily exploitable.”
In its announcement, Microsoft called on users to update Exchange Server to fix four vulnerabilities in the program.
According to Microsoft, it could attribute the hack to Hafnium “based on observed victimology, tactics and procedures.”
“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Microsoft’s corporate vice president Tom Burt wrote in a blog post.
Microsoft added that Hafnium utilized “limited and targeted attacks” by working through leased virtual private servers.
Burt said that Hafnium first “would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access.”
Second, Hafnium “would create what’s called a web shell to control the compromised server remotely,” and finally it used “that remote access – run from the US-based private servers – to steal data from an organization’s network.”