Microsoft has made public four vulnerabilities in Microsoft Exchange Server that require urgent attention. The announcement can be read in full here.
These vulnerabilities were originally exploited by a state-based hacking group called Hafnium to gain access to Exchange email servers, primarily in the United States.
There is now evidence that other hacking groups are using these Exchange Server vulnerabilities to target email servers worldwide.
The affected versions are:
Microsoft Exchange 2013
Microsoft Exchange 2016
Microsoft Exchange 2019
A security update has also been released for Exchange 2010, although not in specific response to these vulnerabilities.
Exchange Online or Office 365 email accounts are not affected and CPiO Cloud Exchange servers have all been patched.
With CPiO Cloud and MSP we resolve your issues before they manifest, usually before customers are even aware of any issue.
What action should you take:
Check the patch levels of your Microsoft Exchange Server; additional details can be found below.
Update affected Exchange servers as soon as possible.
Be aware that installing the updates may take a number of hours depending on current patch levels and hardware performance.
Run all updates as administrator and ensure a complete backup of the Exchange server is available before applying the updates.
Scan Exchange server logs for Indicators of Compromise using the Microsoft Test-ProxyLogon script.
Scan the Exchange server for web shells using the Microsoft detect_webshells script.
Scan the Exchange server using the latest version of the Microsoft Safety Scanner (MSERT).
Continue to monitor for suspicious activity.
Talk to your CPiO account manager about the proactive IT support services available from CPiO.
Exchange Server Security Updates:
If you require assistance or would like to discuss how CPiO Technical services could help your business, please contact us.