Does your organization use Exchange Server to handle your company’s email? If so, you are probably already aware of the critical security flaw that has been discovered, which puts your server at risk.
This year has not been good for Microsoft Exchange. Vulnerability CVE-2021-42321 has been found to impact both Exchange Server 2016 and 2019.
Adding to the criticality, Microsoft is now reporting that this issue is being exploited against impacted servers in the wild. If there is a bright side to this security flaw, it is that it only impacts “on-premises” and “Hybrid mode” Exchange Servers; if you use Exchange Online, you are not at risk.
The problems for Exchange began in March 2021. A Forbes article from that month noted that the company faced a massive wave of attacks that were apparently launched by a number of state-backed threat actors, China being one. This first wave of attacks relied on ProxyLogon exploits; if an attacker was successful, they would deploy ransomware, cryptominers, and other malware strains. They attempted to infect as many targets as they could.
Just when admins thought the attacks were over, July 2021 introduced a new wave of attacks that targeted the US and Asia. Not surprisingly, the attacks appeared to be coming from China. These attacks relied on the Windows PetitPotam exploits and attempted to deploy LockFile ransomware on infected systems.
In the beginning, if you had an Exchange administrator, they were probably overwhelmed until the patch was available. Finally, some good news: all of the patches released in March and August seemed to fix any issues.
Lesson of the day: if you run an Exchange Server that is on-site or in Hybrid Mode, verify with your IT department or IT consulting company that you have applied all of the latest patches for Exchange. There might be a little downtime as the server(s) reboot, but that is better than being exploited and having to clean up after a ransomware attack. Keep in mind that patching does not mean you are done, but it should minimize your risk of being exploited.
If you need assistance, feel free to reach out to us; we will be happy to consult with you. Our managed service plans would ensure your servers are patched, and if a threat is found on your server, we would detect it.