My Pulsant
Identified - Microsoft has recently disclosed critical vulnerabilities in several on-premises versions of Microsoft Exchange (Exchange Online/O365 is not impacted) that are actively being exploited, with already over 30,000 known compromised machines globally.
Exploitation of these vulnerabilities is widespread and indiscriminate, and threat actors could exploit these vulnerabilities to compromise networks and steal information, perpetrate social engineering fraud, or encrypt data for ransom.
Pulsant is aware that you may be have had a vulnerable version of Microsoft Exchange in your environment. There is evidence to indicate that the vulnerability existed long before the patch was made available from Microsoft and therefore the vulnerability MAY already have been compromised in your infrastructure prior to patching being applied.
According to Microsoft, these are the affected versions are:
• Microsoft Exchange Server 2010 RU31 for Service Pack 3
• Microsoft Exchange Server 2013 CU 23
• Microsoft Exchange Server 2016 CU 18, CU 19
• Microsoft Exchange Server 2019 CU 7, CU 8
These vulnerabilities can be exploited remotely if a threat actor locates a vulnerable server.
Recommendation
Pulsant recommends that our clients take all necessary measures to mitigate against this vulnerability. Please be aware that simply updating/patching your version of Microsoft Exchange may not fully remediate the threat posed by this exploit. It is recommended to follow the guidance from Microsoft.
The recommended steps are noted below:
1. If you have the capability, follow the guidance in CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities to create a forensic image of your system.
2. Check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities.
3. Immediately update all instances of on-premises Microsoft Exchange that you may have.
4. If you are unable to immediately apply updates, follow Microsoft’s alternative mitigations in the interim. Note: these mitigations are not an adequate long-term replacement for applying updates; organisations should apply updates as soon as possible.
If you have been compromised, follow the guidance in CISA Alert AA21-062A. For additional incident response guidance, see CISA Alert AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity. Note: Responding to IOCs is essential to evict a threat
5. actor from your network and therefore needs to occur in conjunction with measures to secure the Microsoft Exchange environment.
In addition, Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates.
For additional information about these vulnerabilities or any assistance you may require with regards to the above then please contact Pulsant Service Desk.
It is recommended that clients migrate to O365 at the earliest opportunity, if this is an area that Pulsant can assist then please contact your Account Manager at your earliest convenience.
Mar 3, 11:23 GMT
Exploitation of these vulnerabilities is widespread and indiscriminate, and threat actors could exploit these vulnerabilities to compromise networks and steal information, perpetrate social engineering fraud, or encrypt data for ransom.
Pulsant is aware that you may be have had a vulnerable version of Microsoft Exchange in your environment. There is evidence to indicate that the vulnerability existed long before the patch was made available from Microsoft and therefore the vulnerability MAY already have been compromised in your infrastructure prior to patching being applied.
According to Microsoft, these are the affected versions are:
• Microsoft Exchange Server 2010 RU31 for Service Pack 3
• Microsoft Exchange Server 2013 CU 23
• Microsoft Exchange Server 2016 CU 18, CU 19
• Microsoft Exchange Server 2019 CU 7, CU 8
These vulnerabilities can be exploited remotely if a threat actor locates a vulnerable server.
Recommendation
Pulsant recommends that our clients take all necessary measures to mitigate against this vulnerability. Please be aware that simply updating/patching your version of Microsoft Exchange may not fully remediate the threat posed by this exploit. It is recommended to follow the guidance from Microsoft.
The recommended steps are noted below:
1. If you have the capability, follow the guidance in CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities to create a forensic image of your system.
2. Check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities.
3. Immediately update all instances of on-premises Microsoft Exchange that you may have.
4. If you are unable to immediately apply updates, follow Microsoft’s alternative mitigations in the interim. Note: these mitigations are not an adequate long-term replacement for applying updates; organisations should apply updates as soon as possible.
If you have been compromised, follow the guidance in CISA Alert AA21-062A. For additional incident response guidance, see CISA Alert AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity. Note: Responding to IOCs is essential to evict a threat
5. actor from your network and therefore needs to occur in conjunction with measures to secure the Microsoft Exchange environment.
In addition, Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates.
For additional information about these vulnerabilities or any assistance you may require with regards to the above then please contact Pulsant Service Desk.
It is recommended that clients migrate to O365 at the earliest opportunity, if this is an area that Pulsant can assist then please contact your Account Manager at your earliest convenience.
Mar 3, 11:23 GMT
Identified - On March 10th, 2021, F5 announced four critical CVEs, along with three related CVEs (two high and one medium).
The seven (7) related vulnerabilities are as follows:
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
The iControl REST interface has an unauthenticated remote command execution vulnerability.
CVSS score: 9.8 (Critical)
K18132488: Appliance Mode TMUI authenticated remote command execution vulnerability CVE-2021-22987
When running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 9.9 (Critical)
K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988
TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 8.8 (High)
K56142644: Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
When running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 8.0 (High)
K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990
On systems with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 6.6 (Medium)
K56715231: TMM buffer-overflow vulnerability CVE-2021-22991
Undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE).
CVSS score: 9.0 (Critical)
K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992
A malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise.
CVSS score: 9.0 (Critical)
More information is available on the following page. https://support.f5.com/csp/article/K02566623
Pulsant are working to mitigate any risk and apply appropriate patching where applicable.
Pulsant recommends that all customers who manage their own load balancers refer to the guidance detailed in the links above.
Mar 12, 10:08 GMT
The seven (7) related vulnerabilities are as follows:
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
The iControl REST interface has an unauthenticated remote command execution vulnerability.
CVSS score: 9.8 (Critical)
K18132488: Appliance Mode TMUI authenticated remote command execution vulnerability CVE-2021-22987
When running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 9.9 (Critical)
K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988
TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 8.8 (High)
K56142644: Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
When running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 8.0 (High)
K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990
On systems with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
CVSS score: 6.6 (Medium)
K56715231: TMM buffer-overflow vulnerability CVE-2021-22991
Undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE).
CVSS score: 9.0 (Critical)
K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992
A malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise.
CVSS score: 9.0 (Critical)
More information is available on the following page. https://support.f5.com/csp/article/K02566623
Pulsant are working to mitigate any risk and apply appropriate patching where applicable.
Pulsant recommends that all customers who manage their own load balancers refer to the guidance detailed in the links above.
Mar 12, 10:08 GMT
Identified - Advisory ID:
VMSA-2021-0002
Issue Date:
2021-02-23
Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
1. Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
2. Introduction
Multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Pulsant are taking steps to work with customers affected by this to resolve or mitigate risk.
More information available here https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Pulsant recommends that all customers who manage their own , follow the guidance detailed in https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Feb 25, 10:34 GMT
VMSA-2021-0002
Issue Date:
2021-02-23
Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
1. Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
2. Introduction
Multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Pulsant are taking steps to work with customers affected by this to resolve or mitigate risk.
More information available here https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Pulsant recommends that all customers who manage their own , follow the guidance detailed in https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Feb 25, 10:34 GMT
About This Site
We are the UK’s leading colocation and cloud infrastructure provider.
We provide colocation and cloud infrastructure services from our 10 regional data centres, including integration and management of public cloud, with a core focus on availability, security and connectivity.
Business Continuity
Operational
Cloud Backup (Asigra) Edinburgh
Operational
Cloud Backup (Asigra) Milton Keynes
Operational
Cloud Backup (Asigra) Newcastle
Operational
Cloud Backup (Asigra) Reading
Operational
Cloud Backup (Veeam) Edinburgh
Operational
Cloud Backup (Veeam) Milton Keynes
Operational
Disaster Recovery
Operational
Data Centre Services
Operational
Edinburgh Medway
Operational
Edinburgh Newbridge
Operational
Edinburgh South Gyle
Operational
Glasgow
Operational
Maidenhead
Operational
Milton Keynes
Operational
Newcastle Central
Operational
Newcastle East
Operational
Reading
Operational
Sheffield
Operational
South London
Operational
Managed Cloud
Operational
Azure
Operational
AWS
Operational
Cloud Storage Edinburgh
Operational
Cloud Storage Milton Keynes
Operational
Cloud Storage Newcastle Central
Operational
Cloud Storage Newcastle East
Operational
Cloud Storage Reading
Operational
Managed Office 365
Operational
Pulsant Enterprise Cloud (PEC) Edinburgh
Operational
Pulsant Enterprise Cloud (PEC) Milton Keynes
Operational
Pulsant Enterprise Cloud (PEC) Newcastle Central
Operational
Pulsant Enterprise Cloud (PEC) Newcastle East
Operational
Pulsant Enterprise Cloud (PEC) Reading
Operational
Cloud Desktop Milton Keynes
Operational
Cloud Desktop Edinburgh
Operational
Email Security Services
Operational
Managed Networks
Operational
Cloud Connect
Operational
Maidenhead
Operational
Medway
Operational
Milton Keynes
Operational
Newcastle
Operational
Newbridge
Operational
Reading
Operational
South Gyle
Operational
South London
Operational
South Yorkshire
Operational
Leased Lines
Operational
xDSL Services
Operational
IP Transit
Operational
Data Centre Failover
Operational
Content Delivery Network (CDN)
Operational
Cloud Fabric
Operational
Data Centre Connect
Operational
Metro Connect
Operational
Optical Connect
Operational
Managed Security
Operational
Cloud Protect
Operational
DDoS Protect
Operational
Threat Intelligence Alert
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.