
CISA lists Exchange Server and Windows vulnerabilities in their catalog of exploited Common Vulnerabilities and Exposures (CVEs)

Ransomware attack on Rackspace in December exploited a weakness in their Exchange Server.

In a significant cybersecurity incident, thousands of Hosted Exchange customers at Rackspace experienced disruptions to their email access on Dec. 2. The attack has been linked to a vulnerability disclosed by Automox, known as CVE-2023-21674.

This vulnerability in the Windows Advanced Local Procedure Call (ALPC) subsystem allows an attacker to escalate privileges from sandboxed execution inside Chromium to kernel execution. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-21674 to its catalog of known exploited vulnerabilities.

The ransomware attack on Rackspace was not a solitary event. It has also been linked to the use of CVE-2022-41080 and CVE-2022-41082, two escalation-of-privilege vulnerabilities disclosed by CrowdStrike. During its investigation, the cybersecurity firm uncovered how the Play ransomware exploited these vulnerabilities to achieve remote code execution via Outlook Web Access.

CrowdStrike researchers discovered the attack method while investigating prior Play ransomware attacks in Latin America. Seeing the same method used in attacks in that region suggests that the Play ransomware operation has a global reach.

The attack method achieves remote code execution via Outlook Web Access, a potential threat to the many organisations that rely on Microsoft Exchange Server for their email communications.

In response to the disclosure of these vulnerabilities, CISA issued a Binding Operational Directive requiring federal agencies to take steps to remediate the vulnerabilities by January 31. Whether Play ransomware attacks continued after the disclosure is not clear, as CISA did not disclose details about this aspect.
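Remediation deadlines like the one above are published in CISA's Known Exploited Vulnerabilities (KEV) catalog, which defenders commonly pull as a JSON feed and reconcile against their own patch tracking. The following script is an added example, not code from the article or from CISA: it indexes a KEV-format feed by CVE id and triages a list of CVEs you care about by how many days remain before their due date. The field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) are assumed to match the public KEV feed layout, and the three sample records are constructed for this example (the due date follows the January 31 deadline named above; the `dateAdded` values are placeholders).

```python
"""Triage CVEs against a CISA KEV-format feed by remediation due date.

Added example, not from the article or from CISA. The JSON layout and
field names are assumptions about the public KEV feed; the sample
records below are constructed, not copied from the real catalog.
"""
import json
from datetime import date

# Constructed sample feed in the assumed KEV layout. The due date mirrors
# the January 31 deadline discussed in the article; dateAdded values are
# placeholders for the example only.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2023-21674", "vendorProject": "Microsoft",
         "product": "Windows", "dateAdded": "2023-01-10",
         "dueDate": "2023-01-31", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-41080", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dateAdded": "2023-01-10",
         "dueDate": "2023-01-31", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2022-41082", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dateAdded": "2023-01-10",
         "dueDate": "2023-01-31", "knownRansomwareCampaignUse": "Known"},
    ],
})


def load_kev(feed_text):
    """Parse a KEV-format feed and index its records by CVE id."""
    feed = json.loads(feed_text)
    return {rec["cveID"]: rec for rec in feed["vulnerabilities"]}


def triage(kev, cves, today, soon_days=14):
    """Return one status record per CVE of interest.

    Status is one of: "not in KEV", "overdue", "due soon" (within
    soon_days), or "on track". Records are ordered as the input list.
    """
    results = []
    for cve in cves:
        rec = kev.get(cve)
        if rec is None:
            # Not being in KEV does not mean "not exploited"; it only
            # means CISA has not (yet) catalogued it.
            results.append({"cve": cve, "status": "not in KEV",
                            "due": None, "days_left": None})
            continue
        due = date.fromisoformat(rec["dueDate"])
        days_left = (due - today).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= soon_days:
            status = "due soon"
        else:
            status = "on track"
        results.append({
            "cve": cve,
            "status": status,
            "due": due.isoformat(),
            "days_left": days_left,
            "product": rec.get("product", "?"),
            "ransomware_use": rec.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return results


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    watch = ["CVE-2023-21674", "CVE-2022-41080", "CVE-2022-41082",
             "CVE-2099-0001"]  # last one is a constructed, unlisted id
    for row in triage(kev, watch, today=date(2023, 1, 20)):
        print(row)
```

In production you would fetch the live feed rather than the embedded sample and feed `triage` the CVE ids from your vulnerability scanner or patch-management export; the `ransomware_use` field is worth surfacing because it is the signal most relevant to the incident described here.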

The ransomware attack on Rackspace serves as a stark reminder of the ongoing cybersecurity threats that organisations face. It underscores the importance of regular security updates and vigilance in protecting digital assets.
