Category Archives: Microsoft

Many Microsoft vulnerabilities are discovered every day. Our articles try to relay as many as possible in order to warn our dear readers and protect them from hackers!

The consequences of Microsoft Exchange security vulnerabilities

A month ago to the day, the American computer giant Microsoft, made public the detection of 4 security vulnerabilities type 0 day.

Security vulnerabilities that have taken advantage of cyber criminals to initiate several forms of computer attacks. While Microsoft has indeed proposed a security patch to fill vulnerabilities, not all vulnerable structures have yet to execute the necessary updates.

This article will also interest you: Microsoft Exchange: hacked email boxes

If one thing is certain today, it is of course that the security flaws have been beautiful and well exploited. However, the extent of these exploits cannot be determined with certainty. We can just point out that 400,000 servers were exposed from the beginning of the security breach. A situation that presents itself as a tray served for hackers.

Somehow, Microsoft's reputation is at stake.

"Companies distribute e-mails to their employees using mail servers, of which Microsoft Exchange is one of the most common. When Microsoft announced four unknown vulnerabilities in its servers— "zero-day vulnerabilities"—it immediately released fixes. The vulnerabilities were discovered by at least two groups of researchers, in specialized companies, DevCore (https://devco.re/en/), in Taiwan, and Volexity, in the United States, who quietly notified Microsoft in early January. That's the way it is. This secrecy allows the company to develop fixes without revealing flaws. Often, apart from researchers, no one else has identified the problem, so that at the time the fix is published, criminals do not have time to develop tools to exploit it… unless companies are slow to deploy these fixes. That is where the danger is. In this case, hackers who try to understand, through the fix, what the latter was trying to correct (a technique called back-engineering) can exploit it to attack companies that are still vulnerable. Here, the loopholes were already exploited: as early as January, Volexity had warned Microsoft that a group of hackers was busy (quietly) exploiting these vulnerabilities or rather. In other words, hackers had discovered these vulnerabilities before Microsoft even knew it and took advantage of them to compromise server security. explains Charles Cuvelliez, professor at the University of Brussels and head of information security at Belfius Bank – Gael Hachez, PwC Belgium, cybersecurity and Jean-Jacques Quisquater, professor at the University of Leuven and MIT.

In concrete terms, security vulnerabilities allow hackers to perform certain feats. For example:

– Infiltrate Exchange server emails to spy on conversations or exfiltrate information.

– Run malicious code (a backdoor) on the company's server for remote access

– Execute certain commands that in principle are not allowed especially through Exchange servers.

– Grant administrator privileges by running an arbitrary code remotely.

– Write files on Exchange servers regardless of the game.

The seriousness of this situation is visible through the ability for hackers to automate their entire action

Asked about these security flaws, Kevin Marndia, the boss of US computer security company FireEye, said: "Are some configurations more exposed than others? First, to take advantage of these vulnerabilities, the Exchange server must be directly connected to the Internet. The task is made easier in small businesses, which have only one server, because the email address of users allows to point directly on this single server. Otherwise, it remains necessary to identify more precisely the server to be attacked. Some companies only allow their employees access to e-mails if they connect to the corporate network beforehand. These are better protected, even if the installation of security patches remains essential: a hacker who would have entered the network via another means can then access the server and exploit the vulnerabilities. ».

When Microsoft, for example, discovered the security vulnerabilities, it was of course its obligation to notify the public. The U.S. company was facing a race to watch where it was required to produce a security patch as soon as possible to fill vulnerabilities. Yet things are not that simple. Indeed, "But everyone knew in advance who was going to win: applying these fixes (so-called "patching" servers in jargon), programming them and planning them is a long task. To "patch" servers, you have to disconnect them from the network, access them in admin mode, apply Microsoft's instructions. All of this would give criminals time. It's only recently that Microsoft has proposed an all-in-one fix for businesses that is similar to the updates we all apply to our personal computers. And this all-in-one fix only came about after the White House National Security Council urged Microsoft to help small businesses, which do not have dedicated teams ready to deal with, overcome this vulnerability. our specialists explain. And this was confirmed when, on March 23, Microsoft announced that there were still 30,000 infrastructures that had not always adopted security patches. A few weeks before, on March 12, there were still 82,000 infrastructure that were still vulnerable.

Now access an unlimited number of passwords:

Check out our hacking software

Computer attacks: A response to the Microsoft attack is reportedly underway

The computer attack that affected the messaging service provided by the American giant Microsoft, just a few months after the attack of the company Texanne SolarWinds, it is said that thousands of computer systems and computers would be compromised.

Above all, computer networks belonging to the U.S. government, at the top of the private sector.

According to a statement from a U.S. government official, the administration of new President Joe Biden was about to launch a response to his various computer attacks. If the latter, that is to say the official did not wish to be identified, it is confirmed according to several sources that he clearly states that the White House, in collaboration with some private sector companies, is trying to put in place the best possible defenses against cyber malice.

This article will also interest you: Exchange piracy: security experts worried about the presence of a ransomware

If in concrete terms, no link has been established between the recent computer attacks that targeted Microsoft Exchange and that of SolarWinds' Orion software, it does not prevent that, the whole credible hypothesis. With regard to the latest cyberattack, it had been envisaged by the US authorities that the computer attack might have been carried out by the Russian authorities, who were hiding behind cyber criminals. Accusation denied by the latter. This will no doubt explain the rumors about possible retaliation from the Americans.

"You can expect future announcements on this topic in a few weeks, not months," the senior U.S. official said during a meeting with the press on the two computer attacks (SolarWinds and Microsoft Exchange).

U.S. authorities said federal agencies successfully intervened to repair and computer systems of the nine agencies that had been impacted by the Texane company's cyberattack. On the side of the Microsoft Exchange cyberattack, an emergency federal action on one also underway. For, admittedly, cyber criminals have activated several security vulnerabilities that can have damaging consequences.

The senior official said that in order to find solutions to the current problem, "for the first time we have invited private sector companies to participate in major national security meetings about attacks." He says the response "is still evolving." "We really have a short window of time to fix vulnerable servers," "it's a matter of hours, not days," he adds.

As a reminder, it should be said that a new type of ransom program exploits a security flaw that was created during a computer attack on Microsoft Exchange servers. Compared to what the experts say, a massive attack can cause a lot of damage if not anticipated.

"We have detected and are blocking a new family of ransom software used after an initial attack on unupdated local Exchange servers," Redmond's corporate security department said on Twitter.

The software indexed these days on is of Chinese origin. It is called "DearCry." It was reportedly used by a group of hackers known as "Hafnium". A hacker group apparently, which is reportedly supported by the Chinese government in Beijing. Nearly 30,000 organizations made up of U.S. local communities and private companies were reportedly affected by the latest malware.

In the face of the situation, Brent Callow of Emsisoft, a cybersecurity firm, says, "It will be easy to update to prevent future intrusions, but not to make fixes to systems that have been attacked." He added: "It is absolutely essential that governments quickly develop a strategy to help companies secure their Exchange servers and fix loopholes before the already serious situation worsens."

For the time being, the U.S. government's strategy for initiating its counter-attack has not been revealed. No details either on the side of Microsoft or other companies such as FireEyes or SolarWinds, which could be involved in some way to this response.

Now access an unlimited number of passwords:

Check out our hacking software

Exchange hacking: Security experts worried about ransomware

The malicious computer program in question is called "DearCry."

According to some reports, it was created by Chinese hackers are held by the Beijing government. This malware that is fairly new in its category was detected after exploiting a security flaw present in Microsoft's Exchange messaging services. The US giant in question was reportedly the victim of a massive attack, a cyberattack whose consequences could be assessed at a high level. Security Experts believe that attention should be taken and arrangements should be made

"We have detected and are blocking a new family of ransom software used after an initial attack on unsuperated local Exchange servers," said the Redmond-based company's security team.

It should also be noted that the "DearCry" ransom program was discovered after the computer attack after better at another malicious program known as "Hafnium". For the time being, as mentioned above, it is attributed to Chinese hackers supported by the country's authorities.

Nearly 30,000 organizations made up of businesses and local communities in cities were likely affected. Some would even be in the United States.

The security specialist in Michael Gillespie, the founder of ID Ransomware, had detected in several computer systems, a malware that encrypts data and demands ransom payment.

Many applications behind these various cyberattacks especially the latter that would perhaps blame Russia. We are talking about the computer attack that hit a Texan company, SolarWinds. A computer attack that is described as the most important of this decade. "It will be easy to make updates to prevent future intrusions, but not to make fixes on systems that have been attacked," said Brent Callow of computer security firm Emsisoft. "It is absolutely essential that governments quickly develop a strategy to help companies secure their Exchange servers and fix loopholes before the already serious situation worsens," he added.

Earlier this week, the U.S. Federal Police and the Department of Homeland Security issued all users with Microsoft's messaging service. The statement said the flaw could in some way "compromise networks, steal information, encrypt data for ransom demand, or even carry out destructive attacks."

The Department of Homeland Security through its computer security section to call for the implementation of unique security patches that can be used by the government and the private sector separately.

"If 95% of critical infrastructure is controlled by the private sector, we need to be at the table to find solutions," says Suzanne Clark, president of the American Chamber of Commerce. She openly expressed her concern about the situation.

Now access an unlimited number of passwords:

Check out our hacking software
=

Microsoft wants to get rid of Windows 10 updates that disrupt its operating system

The goal is to prevent companies from avoiding several other difficulties that may be related to the update.

Last week, U.S. giant Microsoft unveiled a feature called "Known Issue Rollback" that allowed IT administrators the ability to cancel update processes that don't fit as part of security patches if that's a problem.

This article will also interest you: Hackers offer to resell pirated source codes to Microsoft

In practical ways, it's not uncommon for Microsoft updates on Windows 10 to be often annoying. With the new feature offered by the Redmond giant, the IT professional will be getting a lot of help. In this way, when an update does not appear necessary or useful, administrators will have the opportunity to return to the updated preview when this will cause operational disruptions. Of course, this feature is not about security patches.

Part of this new deployment, the Redmond giant will no longer force its customers to accept the changes that are often included in these updates that are sometimes operationally imperfect. "While quality has improved over the past five years, we recognize that sometimes things can go wrong and go wrong," Senior Program Manager Namrata Bachwani said in a sincerity, in a video posted on March 2 at Redmond's firm's Ignite virtual conference.

"Until now, it's all or nothing, you either had to install the entire update to take advantage of the patches, but also take responsibility for the problems, or you had to ignore everything," Bachwani said. "The administrator could choose not to install the update because he had heard that it was causing a problem, or he could uninstall it if he noticed a problem, and as a result, no longer took advantage of all the other fixes in the package, interesting changes or those that he might need," she continued.

The directors are very familiar with Ms. Bachwani's situation. They have never been able to be in tune with this way of Microsoft to group all the fixes of the operating system. Forcing them to accept them when some were not even useful to themselves. This is unlike the older version of the operating system, where updates were offered separately from Microsoft in a separate and separate way. This situation has revolted many. Indeed, the latter see this as Microsoft's "take it or leave" method, often reluctantly accepting them having no alternatives.

Today it seems then that Microsoft has listened to the complaints. "We listened to you and found a way to deal with this kind of scenario in a targeted, non-destructive way," Bachwani said.

The new "Known Issue Rollback" feature is supported in the 2004 version of Windows 10 also known as 20H1. In this release, administrators have the option to cancel nearly 80% of the changes made by an unwanted update. But this is not the case for all versions. In this case it is that of 1809 and 1909. For the latter, the functionality is only partially supported.

"If a fix causes a serious problem, the services hosted by Azure and Windows work in tandem to update this policy on the device and disable the problematic fix," says Vernon, the program's senior manager.

When it comes to small businesses or the general public, Microsoft is responsible for managing this feature. In this regard, Mr. Vernon states: "The configuration change is done by us in the cloud (…) Devices connected to Windows Update or Windows Update for Business are notified of this change and it takes effect the next restart."

Now access an unlimited number of passwords:

Check out our hacking software

Why not ignore updates?

The most common purpose of updates is to bring new features to a computer program.

But sometimes they allow computer solution vendors to fix some of the vulnerabilities they see after the program is put into service. The history of computer security has shown that whenever updates have been overlooked, some consequences have struggled to be caught up. In some cases the consequences have been disastrous. In this context, the proliferation of ransom programs in the famous WannaCry can be cited.

This article will also interest you: Updating your software can protect you

In 2017, the malware spread worldwide. Hundreds of thousands of computers have been infected. This large-scale contamination was caused by a negligent information system manager, for not carrying out an update to deploy a security fix that will fill a loophole that affect the Windows environment. In other words, the cure of the problem existed even before the problem occurred. But just because we didn't implement a major update, the whole world was shaken up. During this period and the financial, industrial, and technical consequences were enormous.

In addition, updates should be seen as it imperatives of computer security. "Updates are at the heart of a strong duality, with the dual objective of ensuring security while taking into account the operational constraints specific to each organization. Indeed, if updates exist to fix bugs and vulnerabilities, they sometimes also bring their share of constraints. In the industrial and OT sector, for example, they can lead to adverse effects, such as a prolonged shutdown of production. Their impact can therefore prove to be major, the maintenance cycles associated with the application of the patches must, therefore, be prepared and programmed with the utmost attention. More generally, outside of the industry, some updates can generate regressions, make a website unavailable, or impact user productivity for a period of time. In view of these elements, the subject of updates is as complex as it is paradoxical. explains Adrien Brochot – Product Manager, Stormshield Endpoint Security.

Whether the updates should always be made to propose is not that obvious, indeed "This question is strategic and debated within companies. First, the organization's operational constraints and work environments need to be mapped. Let's not forget that updates can be very complex, if not impossible in some cases. Control and anticipation are therefore two things to consider in limiting risks. Adrien Brochot replies.

Yet the culture of updating is encouraged. Everywhere, anyone with a computer system or computer device on their control is regularly advised never to delay making the proposed security updates. That this presents itself as an essential aspect in the development of security.

"While the critical nature of updates is becoming increasingly widespread in companies, some are still struggling to clearly perceive the risks associated with non-achievement. Still too many of them think they can't be affected by a cyber attack. This is the case in the areas of OT, where cyber culture is not yet sufficiently developed. It is therefore strategic for publishers and suppliers to support their customers in embraising this culture. points out Adrien Brochot.

Somehow everyone has to get involved. From publishers, OEMs and even business leaders to the smallest link in the chain, the end user, everyone has to contribute to the design and culture of the update. To do this, I will have to simplify the process. There will also need to be an emphasis on raising awareness in a certain way. The main players, i.e. publishers and OEMs, must provide continuous support. This will have the immediate effect of increasing confidence and developing in a certain way the reflex.

Now access an unlimited number of passwords:

Check out our hacking software