Azure Data Breach Compromises Microsoft | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

  • A major user data leak in the Microsoft Azure platform has compromised hundreds of executive accounts, including cloud account takeovers and phishing attempts.
  • Up to 97,000 Microsoft Exchange servers have been found susceptible to a critical privilege escalation vulnerability in the latest zero-day.

Microsoft has disclosed a critical zero-day vulnerability in Exchange servers that is being actively exploited in the wild. In addition, in a first for the company, a major cyberattack has compromised hundreds of executive accounts due to a data breach in its Azure platform, including phishing attempts and cloud account takeovers.

The Exchange server vulnerability, CVE-2024-21410, is a privilege escalation bug that allows unauthorized attackers to remotely access and relay Windows NT Lan Manager (NTLM) hashes, which are further used to leak credentials and impersonate legitimate users. Microsoft has given the bug a severity rating of 9.1. Up to 97,000 Exchange servers may be susceptible to the flaw.

In addition to this, the company also revealed details about two more zero-days, CVE-2024-21412 and CVE-2024-21351, a security feature bypass and SmartScreen bypass vulnerability, respectively. The vulnerabilities are associated with Exchange server versions before the update released on the 13th of February.

Microsoft has recommended that before enabling EP on Exchange servers, administrators must assess their environment and review issues that Microsoft has identified in its EP documentation to prevent the disruption of existing functionality.

See More: Roundcube Vulnerabilities Exploited by Russian Hackers to Attack More Than 80 Organizations

Hundreds of user accounts and environments in Microsoft’s Azure Platform have also been compromised in a data breach by hackers targeting corporate cloud accounts. The campaign included user impersonation, data extraction, financial fraud, and more. Such an attack has occurred for the first time in Microsoft’s history.

Reportedly, the attacks were carried out by hacking groups located in Nigeria and Russia through proxy services using malicious links embedded in documents that led victims to phishing websites. The attack primarily targeted mid and senior-level company executives.

Microsoft suffered a similar breach in July 2023, when Chinese hackers could access sensitive data from Azure. The incidents have highlighted problems in Microsoft’s security posture. Cyber security experts and government officials have frequently criticized the company for not taking accountability for security incidents and slow response times to reported flaws such as these.

Security breaches have become increasingly common among tech giants like Microsoft, making it essential for tech companies to collaborate with government security agencies to improve transparency about such threats and breaches for the foreseeable future.

What do you think about Microsoft’s security policies and practices? Let us know your thoughts on LinkedInOpens a new window