The Register: One of Salt Typhoon’s favorite flaws still wide open on 91% of at-risk Exchange Servers

Source URL: https://www.theregister.com/2025/01/23/proxylogon_flaw_salt_typhoons_open/
Source: The Register
Title: One of Salt Typhoon’s favorite flaws still wide open on 91% of at-risk Exchange Servers

Feedly Summary: But we mean, you’ve had nearly four years to patch
One of the critical security flaws exploited by China’s Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years – yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.…

AI Summary and Description: Yes

**Summary:** The text describes a critical Microsoft Exchange Server vulnerability (CVE-2021-26855, ProxyLogon) that the Chinese cyber-espionage group Salt Typhoon has exploited to breach US telecom and government networks. A patch has been available for nearly four years, yet the large majority of exposed servers remain unpatched. This underlines the urgency of remediating known, actively exploited vulnerabilities, especially on internet-facing systems targeted by state-sponsored actors.

**Detailed Description:**

The article surveys the exploitation of long-patched vulnerabilities by state-sponsored groups, particularly China's Salt Typhoon. The main points:

– **Concerning Vulnerability Statistics:**
  – The Microsoft Exchange Server flaw CVE-2021-26855 (ProxyLogon, a server-side request forgery that gives unauthenticated access to the server) has been exploited continuously since its disclosure and patching in March 2021.
  – Of the nearly 30,000 public-facing Exchange instances exposed to this flaw, 91% remain unpatched, despite repeated warnings from security firms and law enforcement.

– **Threat Actor Insight:**
  – Salt Typhoon uses custom malware such as GhostSpider and SnappyBee to keep a stealthy foothold in compromised networks, which argues for continuous monitoring rather than point-in-time checks.
  – Tooling such as the Demodex rootkit is shared among Chinese state-affiliated groups, a trend that improves their stealth and operational efficiency.

– **Comparative Analysis:**
  – By contrast, the Ivanti Connect Secure vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been remediated on over 92% of affected devices, showing that prompt patching of edge devices is achievable and that the Exchange backlog is a choice, not an inevitability.

– **Governmental Response:**
  – The U.S. Congress is actively discussing the Salt Typhoon intrusions and other state-sponsored operations, framing China as a major cybersecurity threat.
  – Expert testimony has raised concerns about these groups' operational capabilities and their positioning for potential cyber warfare.

– **General Advice for Organizations:**
  – Organizations should patch public-facing systems routinely and remediate known exploited vulnerabilities quickly; the Exchange figures show that this is still far from universal practice and that a proactive rather than reactive posture is needed.
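One way to act on that advice for the Exchange flaw discussed here, as an added example that is not part of the article or of any Microsoft tooling: classify each server's ExSetup.exe file version (from PowerShell, `(Get-Command ExSetup.exe).FileVersionInfo.ProductVersion`) against the first builds that carry the March 2021 security update. The hostnames and builds in the sample inventory are constructed, and the build table is taken from Microsoft's published Exchange build-number list; verify it against that list before relying on it. The three-part build embedded in OWA resource paths lacks the revision needed to tell a patched CU from its unpatched base, so the script refuses to decide on such input, and older CU lines received stopgap SUs that the table does not enumerate, so those are flagged for manual review rather than declared vulnerable.

```python
# Added example (not from the article): classify Exchange Server builds against
# the March 2021 security update that fixes CVE-2021-26855 (ProxyLogon).
from typing import Dict, List, Optional, Tuple

Build = Tuple[int, ...]

PATCHED = "patched"
MISSING_SU = "vulnerable: March 2021 SU not applied to this CU"
UNLISTED_CU = "review: CU predates the fix; check for a stopgap SU"
UNKNOWN_REV = "undetermined: four-part build needed (OWA path is only three parts)"
NOT_COVERED = "not an Exchange 2013/2016/2019 build"

# First build of each CU line that carries the March 2021 SU. Taken from
# Microsoft's Exchange build-number list; verify before relying on it.
SU_BUILDS: Dict[Build, Build] = {
    (15, 0, 1497): (15, 0, 1497, 12),  # Exchange 2013 CU23
    (15, 1, 2106): (15, 1, 2106, 13),  # Exchange 2016 CU18
    (15, 1, 2176): (15, 1, 2176, 9),   # Exchange 2016 CU19
    (15, 2, 721): (15, 2, 721, 13),    # Exchange 2019 CU7
    (15, 2, 792): (15, 2, 792, 10),    # Exchange 2019 CU8
}

# First CU per product line that shipped with the fix built in (no SU needed).
# Exchange 2013 never got a CU after CU23, so it always needs the SU.
FIRST_FIXED_CU: Dict[Build, Optional[Build]] = {
    (15, 0): None,
    (15, 1): (15, 1, 2242),  # Exchange 2016 CU20
    (15, 2): (15, 2, 858),   # Exchange 2019 CU9
}


def parse_build(version: str) -> Build:
    """'15.2.792.10' -> (15, 2, 792, 10); accepts three or four numeric parts."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) not in (3, 4):
        raise ValueError(f"unexpected build string: {version!r}")
    return parts


def assess(version: str) -> str:
    """Return one of the verdict strings above for a single build string."""
    build = parse_build(version)
    line, cu = build[:2], build[:3]
    if line not in FIRST_FIXED_CU:
        return NOT_COVERED
    if cu in SU_BUILDS:
        # This CU needs the out-of-band SU; only the fourth component tells
        # a patched server from one still on the CU's base build.
        if len(build) < 4:
            return UNKNOWN_REV
        return PATCHED if build >= SU_BUILDS[cu] else MISSING_SU
    first_fixed = FIRST_FIXED_CU[line]
    if first_fixed is not None and cu >= first_fixed:
        return PATCHED  # a CU that shipped after the fix was rolled in
    return UNLISTED_CU


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, verdict) for every host not classified as patched."""
    findings = []
    for host, version in inventory.items():
        verdict = assess(version)
        if verdict != PATCHED:
            findings.append((host, version, verdict))
    return findings


# Constructed sample inventory (hypothetical hosts and builds, not real data).
SAMPLE_INVENTORY: Dict[str, str] = {
    "mx01.example.net": "15.2.792.10",  # 2019 CU8 + Mar21SU
    "mx02.example.net": "15.2.792.3",   # 2019 CU8 base build, SU never applied
    "mx03.example.net": "15.1.2044.4",  # 2016 CU17 base build
    "mx04.example.net": "15.1.2242.4",  # 2016 CU20, fix built in
    "mx05.example.net": "15.0.1497.2",  # 2013 CU23 base build
    "mx06.example.net": "15.2.792",     # three-part build scraped from an OWA path
}

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:20} {version:14} {verdict}")
```

The point of the three verdict classes beyond "patched" is operational: a missing SU is a ticket for the Exchange team, an unlisted CU needs a human to look up whether one of Microsoft's stopgap SUs was applied, and a three-part build means the scan source cannot answer the question at all and the host needs an authenticated check.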

Overall, the article matters to security and compliance professionals because it shows that long-known, long-patched vulnerabilities remain the entry points of choice for state-sponsored groups, and that closing them is a matter of execution rather than of new tooling.