
Microsoft Alert: Protect this critical part of your technology infrastructure



Microsoft is asking customers to apply its latest updates to protect Exchange Server from hackers who continue to target the platform to access corporate mailboxes and obtain corporate address books for phishing.

“Attackers looking to exploit unpatched Exchange servers won’t go away,” Microsoft’s Exchange team warned in an update.

“We know it’s important to protect your Exchange environment, and we know it’s never-ending,” it added.


The warning from Redmond follows an order earlier this month from the Cybersecurity and Infrastructure Security Agency (CISA) requiring federal agencies to patch the Exchange bug CVE-2022-41080.

Microsoft released an update for the elevation of privilege vulnerability in November, and researchers at CrowdStrike afterwards found that attackers had combined it with CVE-2022-41082, one of the pair of ProxyNotShell bugs, to execute remote code.

Microsoft notes that unpatched Exchange servers are a popular target because of the value of mailboxes, and because Exchange Server contains a copy of the company’s address book, which is useful for further phishing attacks. Additionally, Exchange has “deep hooks” into permissions in Active Directory and, in hybrid environments, also gives attackers access to connected cloud environments.

To protect your Exchange server against attacks that exploit known vulnerabilities, you “need to” install the latest supported cumulative update (CU), that is CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013, and the latest security update (SU), which is the January 2023 SU, Microsoft said.

Administrators only need to install the latest Exchange Server CU and SU because they are cumulative updates. However, you should install the latest CU and then check if any SU was released after the CU was released.

Exchange Server came into the spotlight in early 2021 after Microsoft patched four zero-day vulnerabilities, known as ProxyShell, that were exploited by Chinese state-backed attackers. They were the first Exchange Server zero-days Google Project Zero had detected since it started tracking them in 2014.

Microsoft is advising administrators to always run Health Checker after installing an update to check for any manual actions required after the update. Health Checker provides links to step-by-step instructions.


The tech giant also noted that it may release a mitigation for a known vulnerability before releasing an SU. The automatically applied option is the Exchange Emergency Mitigation Service, and a manual option is On-premises Exchange Mitigation.
