0-days in Microsoft exchange servers

Published: 2021-03-02

“Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.”

As these vulnerabilities are currently being exploited in targeted attacks, patching should be done as soon as possible.
Along with attack details and information about these vulnerabilities, Microsoft also published guidance on how to scan Exchange log files for indicators of compromise, which we also recommend doing.

Update 2020-03-07: There are currently many published exploits for this vulnerability. Patching this vulnerability is not enough; one must also investigate for potential breaches.

Internally this is being tracked in BF-VLN-2229454.

Microsoft Windows Multiple Security Updates Affecting TCP/IP | CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Published: 2021-02-09
MITRE CVE-2021-24074
MITRE CVE-2021-24094
MITRE CVE-2021-24086

“Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.”

The CVSS base scores are 9.8, 9.8 and 7.5 respectively.

All have potential workarounds that should have a minimal operational impact.

Currently there is no exploit in the wild. If an exploit is published, this vulnerability will become critical to mitigate as fast as possible.

We are tracking this internally as BF-VLN-2216447 with the highest priority and are currently evaluating these vulnerabilities, how best to handle them, and how to ensure operational stability for all our customers.

For further general details we point to the Microsoft Security Response Center blog post about the topic.

Security Software & Tools Tips – June 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Attack Surface Analyzer
* Bandit
* Infection Monkey
* NetSpot
* Splunk

Attack Surface Analyzer

Information from the Attack Surface Analyzer website:

Attack Surface Analyzer is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration.

Bandit

Information from the Bandit website:

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Infection Monkey

Information from the Infection Monkey website:

The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.

NetSpot

Information from the NetSpot website:

Use NetSpot to visualize, manage, troubleshoot, audit, plan, and deploy your wireless networks.

Splunk

Information from the Splunk website:

Splunk turns machine data into answers with the leading platform to tackle the toughest IT, IoT and security challenges. Use Splunk to search, monitor, analyze and visualize machine data.

Microsoft confirms and Hotmail accounts were breached

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer, Hotmail and MSN Mail email accounts, Microsoft has confirmed.

Top 5 Security News

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Wipro Intruders Targeted Other Major IT Firms

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Weather Channel Knocked Off-Air in Dangerous Precedent

Are our infrastructures secure?


8 benefits of using Microsoft CSP for your Azure consumption

The Microsoft Cloud Solution Provider (CSP) program enables partners to work directly with customers and manage the customer lifecycle. The CSP can directly provision, manage and support customers' subscriptions. Basefarm is a Tier 1 CSP Partner, meaning that we work directly with Microsoft and not through a CSP Distributor. A Tier 1 CSP needs to prove capabilities such as support handling and cloud expertise.

What is the Azure Stack?
– Azure Stack is Azure public cloud services delivered from our own local datacenter. It is made up of dedicated hardware delivered by Microsoft certified partners such as HP/Dell/Lenovo based on Microsoft specifications. The solution is available through the Azure Stack portal, APIs and Resource Manager templates. These are all consistent with Azure in the public cloud, so the experience for IT pros and developers is the same.

Are all Azure services available?
– No. Just as in the public cloud version of Azure, the services offered in a region may differ. In the Azure Stack, a subset of the services will be available. To begin with, the focus will be on the core services compute, storage and networking (IaaS) and certain PaaS services (App Service, Service Fabric). This will be expanded in the next releases. Some services will never be appropriate to run in a local version of Azure, e.g. HPC solutions that scale up to 1000 computers for a few hours.

When will it be launched?
– Today the Technical Preview v3 (TP3) is available. GA (General Availability) from Microsoft is scheduled for the middle of the summer, and for a period after the launch there will be tests and integration tests with hardware vendors before the solution is installed in Basefarm’s data center.

When will it be available As A Service from Basefarm?
– Basefarm plans to offer Azure Stack during the late summer/fall. This depends on Microsoft and hardware partners.

How will Basefarm offer Azure Stack?
– Basefarm will initially offer Azure Stack as a Service, just as Azure in the public cloud. This means several customers can use the solution as they would like. There will also be a Pay As You Go model. It will also be possible to offer Azure Stack as a dedicated solution for customers with special requirements and needs.

What are the key scenarios for Azure Stack?
– Azure Stack is relevant for customers who need solutions and data to be local. There may be various reasons for this. Here are some examples:

  • Modernization of legacy applications. You have an existing application that consists of layers that you would like to modernize, e.g. the web frontend. Taking advantage of the flexibility that public cloud offers is tempting, but you cannot move it all to Azure because of a large database, software that is not supported in Azure, or software that cannot run in Azure due to dependencies on other components.
  • Latency: the distance to the Azure regions (e.g. the Netherlands and Dublin) is too large and creates network delay.
  • Regulatory requirements, e.g. requirements for inspection of the data center.
  • Data sovereignty: data needs to stay in the country.

How will the Azure Stack connect with public Azure (technical and billing/subscription)?
– Billing/subscription: The customer can buy consumption in the Azure Stack through Basefarm’s Cloud Solution Provider Agreement with Microsoft, with the same ‘pay as you go’ model and flexibility as in the public cloud.
– Technical: Basically, customers can build solutions that run across public Azure and Azure Stack. Combinations of these with Basefarm’s own cloud solutions/private clouds are also planned.

Do I need an Azure subscription to use Azure Stack?
– Yes. One uses a subscription just as in Azure public cloud. It’s consistent.

Will Basefarm offer operation services for infrastructure based on Azure Stack?
– Yes. We will offer operations like we do on Azure. The managed services will be flexible, depending on whether the customer’s focus is DevOps with the customer’s own processes and control, or a more ITIL-based process offered by Basefarm.

Does the Azure Stack replace a typical “private cloud”?
– Eventually. Initially it is a limited version of public Azure.

Can I start to test and possibly create a reference architecture for the Azure Stack today?
– Yes. You can set up a test version (TP3), but the easiest way is to use public Azure and set Resource Policies on a subscription or a resource group. You can read more about that on the Microsoft blog.

Where can I find more information about Azure Stack?
– Azure Stack Shortcuts is a good place to start. Jeffrey Snover (Microsoft), Chief Architect Azure Stack, gave an overall presentation on 7 May during DEVIntersection that is a good, up-to-date introduction to Azure Stack.

Who can I contact for more information in Basefarm around Azure Stack?
– Please contact Geir Morten Allum, Senior Cloud Architect – Product Development,

Patch Tuesday February 2016

Yet another patch Tuesday has come upon us.
Microsoft released 13 updates, some of which fix critical issues, to address vulnerabilities in their product line. Adobe, meanwhile, has released patches addressing 22 vulnerabilities in their Adobe Flash and Adobe Acrobat/Reader products.
Oracle also pushed out a new update: Java SE 8, Update 73.


Patch Tuesday November 2015

Yet another patch Tuesday has come upon us.
Microsoft released 12 updates, some of which are critical, to address vulnerabilities in their product line. Adobe, meanwhile, has released updates for their Adobe Flash product.


Patch Tuesday October 2015

Yet another patch Tuesday has come upon us.
Microsoft released 6 patches that address 33 issues, some of which are critical. Adobe, meanwhile, has released updates for Reader, Acrobat and Flash which address 69 vulnerabilities.


Patch Tuesday September 2015

Yet another patch Tuesday has come upon us.
Microsoft released patches that address 12 different issues, 5 of which are critical. Adobe, meanwhile, has released a security update for their Shockwave application.