Cyberattacks: Gaps in Zimbra and Microsoft Partner Center under attack
Older vulnerabilities in Zimbra and Microsoft Partner Center are currently under attack, warns the US IT security authority CISA.
(Image: Created with AI in Bing Designer by heise online / dmk)
The US IT security authority CISA warns of security vulnerabilities in several products that are already under attack. According to the agency, vulnerabilities in Microsoft's Partner Center and in the groupware Zimbra are currently under attack on the Internet.
CISA warns of this in a security notice, which gives US authorities three weeks to close the gaps. The vulnerability in the Microsoft Partner Center became known last November. It allows attackers from the network to elevate their privileges without prior authentication because access rights were not applied correctly (CVE-2024-49035, CVSS according to NIST assessment now 9.8, critical; Microsoft evaluates the risk as “high” with CVSS 8.7). The vulnerability was already considered to be under attack in the wild in November; it is unclear whether CISA is now late or whether new attacks have been observed.
Groupware under attack
CISA has also warned of attacks on the Zimbra groupware. Criminals are targeting a cross-site scripting vulnerability that allows attackers from the network, after logging in, to inject arbitrary code with a manipulated script in the /h/autoSaveDraft function (CVE-2023-34192, CVSS 9.0, risk “critical”). Zimbra ZCS 8.8.15 was affected; newer versions patch the vulnerability.
The US authority CISA does not provide any further information on the observed attacks on the vulnerabilities. It therefore remains unclear to what extent they occur or how they can be identified. Unfortunately, there is also no help for defense, for example in the form of indicators of compromise (IOCs).
Around two weeks ago, further security vulnerabilities were discovered in Zimbra, including vulnerabilities classified as critical risks. IT managers who use this groupware should install the updates to versions 9.0.0 Patch 44, 10.0.13 or 10.1.5 as soon as possible.
(dmk)