By: Jake Schulte, IT Manager
This week Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.
Before panic sets in, it’s important to note that Exchange Online is not affected. If you’re currently using Microsoft 365 services through Networks Plus and using Exchange Online – no action is needed.
Microsoft released patches for multiple on-premises Microsoft Exchange Server zero-day vulnerabilities being exploited by a nation-state affiliated group. The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.
To minimize or avoid impacts of this situation, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
Microsoft published a blog post providing an overview of the attack and a link to the security updates that were released. You can view that information here: Microsoft Blog – New nation-state cyberattacks.