VMware has patched up multiple critical remote code execution (RCE) vulnerability in its ESXi, vCenter Server, and Cloud foundation products. The flaw would allow attackers to run codes and affect systems remotely. This vulnerability, tracked as CVE-2021-21972, is critical in severity as it has a CVSS score of 9.8 out of a maximum of 10.
The company said in its advisory that “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
VMware also addressed another vulnerability that allows unauthorized users to send POST requests that allow for further attacks, including the ability to scan the company’s internal network and retrieve data about the open ports of various services. The company provided workarounds for these flaws until the updates can be deployed. The workaround details can be found here.
On March 2, Microsoft released emergency security updates to plug four security loopholes in Exchange Server versions 2013 through 2019. Chinese state-sponsored cyber-espionage unit was using these security loopholes to sniff into email conversations of victim organizations.
At least 30,000 organizations in the United States alone are believed to be hacked by the espionage group to siphon email communications from Internet-facing systems running Exchange.
If you have been running an OWA server exposed to the internet, it is safe to assume that you have been compromised between 26th February and 3rd March.
Three days since Microsoft patched the vulnerabilities, security experts say that the hackers have been ramping up exploiting any unpatched Exchange server around the world.
Following the incident, a Microsoft spokesperson said “The best protection is to apply updates as soon as possible across all impacted systems.” “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources,” he added.
Microsoft recently announced the release of new features such as “password management and autofill capability” in their Authenticator app for mobile devices. The app also supports two-factor authentication and is compatible on both Android and iOS devices.
The feature that allows users to use the Microsoft Authenticator app to save passwords and automatically populate sign-in fields was in the beta stage up until December. However, its use was restricted to only to users with Microsoft accounts. Enterprise customers could however, get access to the feature by placing a request.
It is to be noted that organizations can only enable the password management and autofill capability for either all of their users or for none of them. The feature works best on the Microsoft Edge browser and will work on Google Chrome with the help of an extension.