Register now for better personalized quote!

Microsoft warning: Protect this critical piece of your tech infrastructure

Jan, 30, 2023 Hi-network.com
Image: Getty Images

Microsoft is telling customers to apply its latest updates to shield Exchange Server from hackers that keep targeting the platform to access corporate mailboxes and nab company address books for phishing. 

"Attackers looking to exploit unpatched Exchange servers are not going to go away," Microsoft's Exchange team warns in an update. 

"We know that keeping your Exchange environment protected is critical, and we know it's never ending," it added. 

Also:How to tighten your security in Microsoft Edge

The warning from Redmond follows the Cybersecurity and Infrastructure Security Agency (CISA) earlier this month, ordering federal agencies to patch the Exchange bug CVE-2022-41080. 

Microsoft released an update for the elevation of privilege flaw in November, and researchers at CrowdStrike later found that attackers had combined it with CVE-2022-41082 -- one of the ProxyNotShell pair of bugs -- to achieve remote code execution.  

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

Unpatched Exchange Server is a popular target because of the value of mailboxes and the fact that Exchange Server contains a copy of the company address book, which is useful for subsequent phishing attacks, Microsoft notes. Additionally, Exchange has "deep hooks" into permissions within Active Directory, and, in a hybrid environment, also gives an attacker access to the connected cloud environment. 

To defend your Exchange servers against attacks that exploit known vulnerabilities, you "must"install the latest supported cumulative update (CU), which is CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013, and the latest security update (SU), which is the January 2023 SU, Microsoft says. 

Admins only need to install the latest Exchange Server CUs and SU because they're cumulative updates. However, it recommends installing the latest CU and then checking to see if any SUs were released after the CU was released. 

Exchange Server came into focus in early 2021 after Microsoft patched four zero-day flaws, known as ProxyShell, which were exploited by China-backed, state-sponsored attackers. It was the first time Google Project Zero had seen Exchange Server zero days detected since it began tracking them in 2014.    

Microsoft is advising admins to always run Health Checker after installing an update to check for manual tasks required after the update. Health Checker provides links to step-by-step guidance.

Also: Cybersecurity staff are struggling. Here's how to support them better

The tech giant also notes that it may release a mitigation for a known vulnerability ahead of releasing an SU. The automatically applied option is the Exchange Emergency Mitigation Service, and a manual option is the Exchange On-Premises Mitigation Tool. 

More Microsoft

Is Windows 10 too popular for its own good?The best Windows laptop models: Comparing Dell, Samsung, Lenovo, and moreHere's why Windows PCs are only going to get more annoyingHow to downgrade from Windows 11 to Windows 10 (there's a catch)
  • Is Windows 10 too popular for its own good?
  • The best Windows laptop models: Comparing Dell, Samsung, Lenovo, and more
  • Here's why Windows PCs are only going to get more annoying
  • How to downgrade from Windows 11 to Windows 10 (there's a catch)

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.