30 January 2023

Microsoft urges customers to patch on-premises Exchange servers


Microsoft urges customers to patch on-premises Exchange servers

Microsoft has urged its customers to patch their on-premises Exchange servers as soon as possible, as unpatched servers may provide a way for malicious actors to breach an organization’s network.

“Attackers looking to exploit unpatched Exchange servers are not going to go away. There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts,” the company explained in a blog post. “First, user mailboxes often contain critical and sensitive data. Second, every Exchange server contains a copy of the company address book, which provides a lot of information that is useful for social engineering attacks, including organizational structure, titles, contact info, and more. And third, Exchange has deep hooks into and permissions within Active Directory, and in a hybrid environment, access to the connected cloud environment.”

To defend servers against attacks exploiting known vulnerabilities administrators are advised to install the latest supported Cumulative Updates (CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013, January 2023 SU).

According to a recent research, Microsoft Exchange vulnerabilities top the list of the most commonly exploited flaws by threat actors. These include CVE-2021-31206, the infamous “ProxyShell” (CVE-2021-34523, CVE-2021-31207 and CVE-2021-34473), and “ProxyLogon” vulnerabilities. Furthermore, in early January researchers reported that nearly 60,000 Exchange servers have been found to be vulnerable to a pair of Exchange flaws collectively nicknamed “ProxyNotShell.”

Vulnerable Exchange servers are valuable targets for cybercriminals, who often use compromised servers as a way to break into organizations’ networks. For instance, FIN7, a well-known, financially motivated group focused on targeting businesses worldwide, developed an auto-attack system, which scans for multiple Microsoft Exchange remote code execution and privilege elevation vulnerabilities like CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.


Back to the list

Latest Posts

Threat actors abusing Foxit PDF Reader flaw to deploy multiple malware variants

Threat actors abusing Foxit PDF Reader flaw to deploy multiple malware variants

The flaw involves Foxit PDF Reader's handling of pop-up messages.
20 May 2024
China-linked APT group uses malware to spy on commercial shipping

China-linked APT group uses malware to spy on commercial shipping

Mustang Panda infiltrated the computer systems of cargo shipping companies in Norway, Greece, and the Netherlands.
20 May 2024
The Grandoreiro malware is back up and running after January disruption

The Grandoreiro malware is back up and running after January disruption

Grandoreiro now targets over 1,500 banks worldwide, spanning more than 60 countries across Central and South America, Africa, Europe, and the Indo-Pacific region.
20 May 2024