Milton Argos Platform (MAP) 2.0 Helps Customers Locate Potential Exchange Attacks

Milton Argos Platform

Working with industry partners, including Microsoft, Milton Security has been assisting firms in doing retro hunting and mitigating risks due to the recent MS Exchange Server vulnerabilities.

Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, announced today the Milton Argos Platform (MAP) 2.0 is successful in locating potential Exchange Server attacks, including the four recent zero-day vulnerabilities that have been actively exploited on over 30,000 servers. The AI assisted threat hunting tool uses Artificial Intelligence and Machine Learning coupled with human expertise to detect, deter, and mitigate threats in real time.

The MAP 2.0 platform can analyze millions of security events every second which allows the highly-trained Threat Hunting Team at Milton Security to focus on the most relevant instances. The Exchange Server vulnerabilities allow cyberattackers to gain access to the admin controls in order to install additional malware or stealing data. These web shells are password protected remote interfaces with the purpose of allowing access from anywhere in the world.

The zero-day vulnerabilities impact on-premise Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019, however, Exchange Online is not affected.

  • CVE-2021-26855: CVSS 9.1: a Server Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests being sent by unauthenticated attackers. Servers need to be able to accept untrusted connections over port 443 for the bug to be triggered.
  • CVE-2021-26857: CVSS 7.8: an insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code deployment under SYSTEM. However, this vulnerability needs to be combined with another or stolen credentials must be used.
  • CVE-2021-26858: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.
  • CVE-2021-27065: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.

“Our team at Milton Security has been working closely with industry partners, including Microsoft, to understand the nature of these vulnerabilities, how they are being used, and where the attacks are originating from,” said James McMurry, Milton Security CEO. “Our clients entrust us to be efficient and effective when it comes to retro hunting and mitigating risks, especially in instances like these where an attack can happen quickly with very little evidence that a nation-state had access, or worse, still has access to your Exchange Servers. Our Milton Argos Platform allows us to cover a lot of ground in a very short amount of time to detect.”

Milton Security operates a 24*7*365 unique Extended Detection & Response/Managed Detection & Response (MxDR) service that provides Threat Hunting As A Service using customers’ existing security infrastructure. For 14 years, Milton’s team of Threat Hunters have stopped thousands of threats and assisted organizations in protecting themselves around the clock. Milton focuses on the best combination of AI, ML, and Human Correlation, to scout for threats, assist with incident response activities and protect hundreds of customers around the clock.