Zimbra Collaboration Suite (ZCS) email servers are being actively targeted and compromised through a zero-day vulnerability, prompting the company to urge administrators to manually apply a fix. ZCS is widely used by over 200,000 businesses across 140 countries, including government and financial organizations.
The vulnerability, a reflected Cross-Site Scripting (XSS) flaw, was discovered during a targeted attack and allows threat actors to steal user information or execute malicious code. Zimbra has not yet released official security patches but has published instructions for administrators to mitigate the flaw by applying a manual fix on mailbox nodes.
To address the zero-day vulnerability, Zimbra advises administrators to apply the fix manually to maintain a high level of security across their mailbox nodes. The step-by-step procedure involves taking a backup of a specific file and updating parameter values to prevent XSS flaws.
Importantly, the fix can be implemented without causing downtime, eliminating the need to restart Zimbra services.
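Because the procedure above amounts to "back up one file, change one value, verify, no restart", an administrator rolling it out across several mailbox nodes benefits from doing it with a script that is safe to re-run. The following is an added example written for this article, not Zimbra's own fix or instructions: the article does not name the file or the parameter, so `FILE`, `OLD` and `NEW` are placeholders that must be replaced with the values from Zimbra's advisory. The function keeps a timestamped backup, refuses to edit a file that does not contain the expected original value, is idempotent, and restores the backup if verification fails.

```shell
#!/bin/sh
# Added example (not Zimbra's procedure). Applies a single-value hotfix to a
# config file with backup, idempotency and verification. The file path and
# the OLD/NEW values are placeholders; take the real ones from the advisory.
set -eu

# apply_hotfix FILE OLD NEW
#   FILE : path to the file to patch (placeholder; not from the article)
#   OLD  : exact original text to replace (must not contain '|' or sed metachars)
#   NEW  : replacement text
apply_hotfix() {
    file="$1"; old="$2"; new="$3"

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }

    # Idempotent: a node that already carries the fix is left untouched
    # and, importantly, gets no second backup.
    if grep -qF -- "$new" "$file"; then
        echo "already applied: $file"
        return 0
    fi

    # Refuse to edit a file that does not look like what we expect.
    grep -qF -- "$old" "$file" || {
        echo "expected value not found in $file; not modifying" >&2
        return 1
    }

    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$file" "$backup"

    # Write through the existing file (rather than mv) so owner and mode
    # stay as they were; no service restart is needed for a file edit.
    tmp="$file.tmp.$$"
    sed "s|$old|$new|g" "$file" > "$tmp"
    cat -- "$tmp" > "$file"
    rm -f -- "$tmp"

    # Verify; on failure, roll back from the backup we just made.
    if ! grep -qF -- "$new" "$file"; then
        cp -p -- "$backup" "$file"
        echo "verification failed, restored $backup" >&2
        return 1
    fi
    echo "applied: $file (backup: $backup)"
}

# Stand-alone usage: apply_hotfix.sh FILE OLD NEW
if [ $# -eq 3 ]; then
    apply_hotfix "$@"
fi
```

Run it once per mailbox node with the path and values from the advisory; because it is idempotent, re-running it on an already-fixed node is harmless and leaves only the one original backup behind.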
Additionally, given the history of Zimbra server breaches, with vulnerabilities like authentication bypass and remote code execution being exploited in the past, administrators should prioritize addressing this actively exploited zero-day flaw.
Previously, multiple Zimbra vulnerabilities have been used to compromise hundreds of email servers worldwide, including incidents involving an unpatched remote code execution vulnerability and a reflected XSS bug targeted by a Russian hacking group.
Mitigating the current zero-day vulnerability is crucial to safeguarding the confidentiality and integrity of data for organizations relying on ZCS.