A couple of years ago I wrote extensively on the widespread Exchange on Premise and Solar winds attacks, and the aftermath. It got a lot of coverage at the time and afterwards.
I could probably have written monthly or quarterly updates on same (most of them not reflecting said platforms in a better light) but I think the message tends to sound like you’re being overly negative against a vendor and to be honest we all interact with sites that are multi-technology and multi vendor; all with different perspectives and often it’s best to try to be as constructive as possible and work together to ensure our respective platforms can play nice together.
However this week I think it would be remiss not to make some brief further addendums. Firstly, in 2023 and 2022 alone, Office365 and in particular Exchange Online have had multiple global outages (to me a core element of cloud is that this simply shouldn’t happen) The most recent one that I’m aware of is incident MO502273 from January 25th, where both Teams and Exchange Online, were, well offline rather than Online. I’ve had Microsoft vendors explain this away as nothing: “On Premises outages happen all the time.”
To be fair that in itself is not what stopped me in my tracks this week, or made me think to write an update here. The reason for that is the following:
A security update for a desktop application, no big deal right?
Well here, yes it is a big deal when you look into the detail. This is yet another zero day, zero touch exploit.
“Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe“
How is anyone on that platform comfortable with this? Well the truth is many aren’t and are making moves to other platforms, including HCL Domino. My opinion on this would be to pick the platform that has zero instances of being hacked, as opposed to one where the vendor notifies its’ customers that nefarious actors are making exploits on an ongoing basis.
Don’t let people tell you this is just another patch, it’s really concerning.
It’s been reported as “dangerous enough to become the most far-reaching bug of the year”
Forbes report that Microsoft have reported it as a 9.8 out of 10 on their own rating system.
We see further details here that at least 15 government and military organisations were actively exploited for 8 months by the exploit without their knowledge – We note it was a Ukraine based security organisation (Ukraine’s Computer Emergency Response Team) that reported this to Microsoft and not Microsoft itself that discovered the exploit.
We note Mandiant Intelligence Analysis at Google Cloud suspect the 15 government and military organisations are unlikely to be the only ones exploited.
Stay safe out there people.
Cormac McCarthy –Domino People Ltd
2 thoughts on “Exchange/Outlook continues to be easy “Swiss cheese” target for nefarious actors”
Mark Wilson says:
This is a great blog Cormac – thank you
Cormac McCarthy says: