“Five Eyes” Puts Out Cybersecurity Advisory That Highlights Microsoft Products In A Bad Way

 There’s a Cybersecurity Advisory that was released yesterday jointly by the cybersecurity authorities of the United States, Australia, Canada, New Zealand and the United Kingdom who are also known as the “Five Eyes” and includes major agencies like the NSA, FBI, CISA, CIA. The advisory details the 15 most common vulnerabilities and exposures (CVEs) exploited by hackers in 2021: 

Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.

To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also routinely exploited in 2020 or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.

Of those top 15 CVEs, an alarming 9 are due to deficiencies in Microsoft designed, operated, and owned systems, including 7 CVEs within Microsoft’s Exchange Server. The advisory also notes a broader list of frequently exploited CVEs, another four of which are from Microsoft. This is a concerning and frightening number of easily exploitable vulnerabilities in an operating system that bills itself as the world’s premiere defense against cyberattacks.

If you run Exchange Server, you should be taking a look at this advisory. The bad guys are clearly exploiting these vulnerabilities, which means that you need to be actively defending against them. And even if you aren’t running Microsoft Exchange, this advisory is still worth reading as it will give you some places to look to ensure that you have the best protections from getting pwned.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: