Microsoft Exchange Server Updates Resolve 0-Day Vulnerabilities

Forum Moderators: open

Message Too Old, No Replies

Microsoft Exchange Server Updates Resolve 0-Day Vulnerabilities

engine

9:51 am on Mar 3, 2021 (gmt 0)

Microsoft is urging users of Microsoft Exchange Server 2013, 2016, and 2019 to update after zero-day vulnerabilities were fixed.

We recommend prioritizing installing updates on Exchange Servers that are externally facing. All affected Exchange Servers should ultimately be updated.

[msrc-blog.microsoft.com...]

engine

12:36 pm on Mar 8, 2021 (gmt 0)

It seems that the European Banking Authority's email servers have been compromised by a cyber-attack, and it makes you wonder how many others are out there.
[bbc.co.uk...]

engine

6:25 pm on Mar 8, 2021 (gmt 0)

When you look at the timeline on this vulnerability, it doesn't look good. The reports go back to January 2021, but the actual flaw existed since 2010.
[proxylogon.com...]

Krebs has an interesting timeline.
[krebsonsecurity.com...]

engine

4:50 pm on Mar 22, 2021 (gmt 0)

I find it surprising that even today users have unpatched systems.

According to reports, only about half of the Exchange servers online have applied the patch supplied by Microsoft. :O

Even if organisations have already applied the relevant security updates, there's no guarantee they were not compromised by malicious hackers before the patches were applied � so it's important to analyse the network to examine if it has already been accessed by cyber criminals.

[zdnet.com...]

lammert

7:36 pm on Mar 22, 2021 (gmt 0)

The Microsoft Exchange servers I see at clients premises are mainly managed by wannabee system administrators like the head of accounting or the son of the owner. They have no in-depth knowledge of security. It's part of the eco-system that Microsoft has created where everyone can run a Windows based network environment with just some fancy GUI tools.