A significant data breach on the Microsoft Azure platform has compromised numerous executive accounts, leading to cloud account takeovers and phishing attempts. Alongside this, a critical zero-day vulnerability affecting Microsoft Exchange servers has been disclosed, leaving up to 97,000 servers vulnerable to exploitation.
The Exchange server vulnerability, known as CVE-2024-21410, enables unauthorized access and the retrieval of Windows NT LAN Manager (NTLM) hashes, posing a severe risk with a severity rating of 9.1. Additionally, Microsoft has unveiled two more zero-day vulnerabilities, CVE-2024-21412 and CVE-2024-21351, associated with security feature and SmartScreen bypasses in Exchange server versions predating the February 13th update.
Microsoft advises administrators to evaluate their Exchange server environments thoroughly before enabling Extended Protection for Authentication (EP), to avoid disruptions to existing functionality, as detailed in the EP documentation.
Moreover, a data breach within Microsoft’s Azure Platform has compromised numerous user accounts and environments, marking the first such incident in the company’s history. The breach involved user impersonation, data extraction, and financial fraud, primarily targeting mid- and senior-level executives.
The attacks, reportedly orchestrated by hacking groups based in Nigeria and Russia, utilized malicious links embedded in documents to redirect victims to phishing websites. This breach follows a similar incident in July 2023, where Chinese hackers gained access to sensitive data in Azure, underscoring ongoing security challenges within Microsoft.
These breaches highlight the need for improved collaboration between tech companies and government security agencies to enhance transparency and response times to such threats in the future.