Microsoft’s Exchange Zero-Days a High Security Risk

December 9, 2022 • Zachary Amos


In September 2022, Microsoft confirmed two new zero-day bugs in Exchange Server, known collectively as ProxyNotShell, about a year and a half after ProxyLogon, the flaw it patched in March 2021 roughly two months after it was privately reported to the company.

A security researcher at Taiwan’s Devcore was the first to discover ProxyLogon, a server-side request forgery that let an unauthenticated attacker on the internet bypass Exchange’s authentication entirely; chained with a second bug, it gave the attacker an arbitrary file write and, through that, remote code execution on the server.

In total, Microsoft patched four Exchange zero-day vulnerabilities in March 2021 that had already been exploited against institutions and governments worldwide, underscoring the need for robust prevention, detection and response to such attacks.

The Exchange Server Under Attack

For those unfamiliar with cybersecurity lingo, a “zero-day” is a vulnerability that the software vendor does not yet know about, and therefore has not patched, at the moment attackers begin exploiting it. The name comes from the vendor having had zero days to fix it.

More specifically, a “zero-day exploit” is code or a technique that triggers such a flaw, and a “zero-day attack” is its use against a target, whether delivered directly over the network, as with Exchange, or through a phishing lure, to steal data or cause collateral damage.

Microsoft attributed the March 2021 Exchange zero-day attacks to a China-based group it calls Hafnium, and other groups picked up the exploits soon after. Initially, the company described the attacks as limited and targeted. Subsequent estimates put the number of affected servers at nearly 200,000, posing a high security risk to government agencies’ information systems in particular.

ProxyLogon was not the end of it. In 2022 the Vietnamese security firm GTSC found attackers using two new Exchange flaws, later dubbed ProxyNotShell, to compromise servers, plant web shells as backdoors and move laterally through victim networks. GTSC reported the bugs through Trend Micro’s Zero Day Initiative, which gives vendors up to 120 days to patch, but went public with its findings before a patch existed because it was watching the bugs being exploited in the wild. Unlike ProxyLogon, this chain required valid credentials for an Exchange account, which narrowed the door but did not close it.

The two vulnerabilities affected on-premises Exchange 2013, 2016 and 2019. While its security teams investigated, Microsoft published interim mitigations for IT security specialists, principally an IIS URL Rewrite rule to block the request pattern the exploit used, and had to revise that rule several times after researchers showed it could be sidestepped. Patches followed in the November 2022 security updates.

Exchange Online customers were not affected, but agencies and corporations running hybrid deployments with an on-premises Exchange server were, and any such server left unpatched remains at heightened risk. Full exploitation gives the attacker remote code execution on the Exchange server, effectively complete control over it and the mail it holds.
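The interim mitigations above came down to recognising one request shape: a call to autodiscover.json whose query smuggled a path to the Exchange PowerShell endpoint. The following Python, an added example that is not part of this article or of Microsoft’s guidance, shows how to review exported IIS logs for that shape, and why a narrow string match is a weak check. The log excerpt, the field list, the IPs and the account name are all constructed; the two matchers are illustrative, not Microsoft’s actual rewrite rule.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt for illustration; not real Exchange telemetry.
# The #Fields header names the columns, exactly as IIS writes it.
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2022-09-29 08:12:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.10 200
2022-09-29 08:12:07 10.0.0.5 POST /autodiscover/autodiscover.json @example.org/powershell/&Email=autodiscover/autodiscover.json%3f@example.org 443 CORP\\svc-mail 203.0.113.10 200
2022-09-29 08:12:09 10.0.0.5 POST /autodiscover/autodiscover.json a@b/PowerShell 443 CORP\\svc-mail 203.0.113.10 200
2022-09-29 08:12:11 10.0.0.5 POST /Autodiscover/Autodiscover.json x%2Fpowershell%2F 443 CORP\\svc-mail 203.0.113.10 200
2022-09-29 08:12:14 10.0.0.5 POST /autodiscover/autodiscover.json %40example.org%2Fpowershell 443 CORP\\svc-mail 203.0.113.10 200
2022-09-29 08:13:00 10.0.0.5 GET /ecp/default.aspx - 443 - 198.51.100.7 401
2022-09-29 08:13:05 10.0.0.5 POST /autodiscover/autodiscover.json @example.org/powershell 443 - 198.51.100.7 401
"""


def parse_iis_log(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line; skip rather than misalign columns
        yield dict(zip(fields, values))


# Narrow matcher (illustrative): literal, case-sensitive, and it insists on a raw '@'
# between autodiscover.json and "powershell". Encoding or capitalising either token evades it.
NARROW = re.compile(r"autodiscover\.json.*@.*powershell")


def narrow_match(stem, query):
    return NARROW.search(stem + "?" + query) is not None


def is_proxynotshell_shape(stem, query):
    """Decode twice (double encoding is common), lower-case, then require both tokens
    anywhere in the request, in any order. No '@' requirement."""
    decoded = unquote(unquote(stem + "?" + query)).lower()
    return "autodiscover.json" in decoded and "powershell" in decoded


def scan(text, matcher):
    """Return the parsed records whose request path matches `matcher`."""
    return [rec for rec in parse_iis_log(text)
            if matcher(rec["cs-uri-stem"], rec["cs-uri-query"])]


def successful_hits(hits):
    """ProxyNotShell needed valid credentials, so a 200 with a logged username on this
    request shape is the record to escalate; a 401 from an anonymous client is a probe."""
    return [h for h in hits if h["sc-status"] == "200" and h["cs-username"] != "-"]


if __name__ == "__main__":
    narrow = scan(SAMPLE_IIS_LOG, narrow_match)
    broad = scan(SAMPLE_IIS_LOG, is_proxynotshell_shape)
    print(f"narrow matcher flagged {len(narrow)} of {len(broad)} suspicious requests")
    for h in successful_hits(broad):
        print("escalate:", h["date"], h["time"], h["c-ip"], h["cs-username"],
              h["cs-uri-stem"], h["cs-uri-query"])
```

Run against the sample, the literal matcher catches only two of the five suspicious requests, missing the capitalised and URL-encoded variants, while the decode-then-match version catches all five and the triage step narrows them to the four authenticated successes from one client address. The same lesson applied to the blocking rule itself: a filter that matches the exploit’s first published form, rather than the decoded request the server actually routes, invites trivial bypasses.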

Ongoing Threats to Cybersecurity

Cybercrime is on an upward trend, with high-profile data breaches across various industries affecting millions worldwide. 

By the fourth quarter of 2021, organizations faced an average of 925 attempted cyber attacks per week, a 50% increase over 2020.

In the first half of 2022, 817 data breaches were reported in the United States, compromising sensitive data belonging to 53 million people, with the health care, financial and manufacturing sectors hit hardest.

According to the HIPAA Journal, 4,419 health care data breaches were reported between 2009 and 2021, resulting in the theft, loss or unauthorized disclosure of 314,063,186 patient records.

Attackers are also getting craftier, using artificial intelligence (AI) to automate and scale their campaigns. Better security practices are more critical than ever as more workplaces move to remote and hybrid work.

Of all these risks, ransomware, in which attackers encrypt a victim’s data and demand payment to restore access, increasingly while also threatening to publish stolen copies, poses the most significant concern.

According to a recent IBM report, ransomware attacks increased by 41% over one year and now cost organizations about $4.54 million per incident. One estimate counts 576 U.S. businesses hit by ransomware in 2021, with approximately $159.4 billion in damages.

Individuals are also more exposed than ever. The Cybersecurity & Infrastructure Security Agency (CISA) warns that malware infects one in three homes and that 65% of Americans have received at least one online scam offer.

Additionally, 44% of millennials are likely to experience a cyber threat, and about 31% of them share the passwords to their social media accounts, a habit that widens the attack surface.

Lessons From the Exchange Zero-Day Attacks

Cybercrime isn’t going anywhere — in fact, security risks are only ramping up, posing increasingly substantial threats to organizations and governments. Security firms and specialists can learn from Microsoft’s Exchange zero-days to create more resilient prevention, detection and mitigation strategies that protect the most valuable information and assets.