Hackers Exploiting Unpatched Exchange Servers in The Wild

Microsoft has been strongly encouraging its customers to keep updating their Exchange servers, in addition to taking steps to ensure that the environment remains secured with robust security implementations.

While doing so, users can do the following things:-

• Enable Windows Extended Protection. 
• Configure certificate-based signing of PowerShell serialization payloads

The number of attacks against unpatched Exchange servers will not diminish as long as unpatched servers remain unpatched. The unpatched environment of on-premises Exchange provides threat actors with too many opportunities for exfiltrating data and committing other illegal activities.

Numerous security flaws in Exchange Server have been uncovered in the past two years, leading to widespread exploitation in some cases.

Updating Unpatched Exchange Servers

Microsoft stresses that their security measures are temporary fixes and may not defend against all attack variations, thus requiring users to update security through provided updates.

Recent years have seen Exchange Server become an advantageous target for attackers due to numerous security vulnerabilities that have been exploited as zero-day attacks to penetrate systems.

Ensure the protection of your Exchange servers from exploits targeting recognized vulnerabilities by installing the latest cumulative update and the most recent security update that is supported.

The cumulative updates are available for:-

• CU12 for Exchange Server 2019
• CU23 for Exchange Server 2016
• CU23 for Exchange Server 2013

The available security update:-

• January 2023 SU

The cumulative updates and security updates for Exchange Server are cumulative, which means that only the most recent one needs to be installed.

It’s crucial to run Health Checker post-update installation to identify any manual tasks required by the admin. Using Health Checker, you can access step-by-step guides and articles that provide you with all the information you need.

Recommendations

Here below we have mentioned all the recommendations offered by Microsoft:-

• Always pay attention to the blog post announcements that Microsoft publishes, to keep informed of known issues and any manual actions Microsoft recommends or requires.
• Make sure that you always review the FAQ before installing an update.
• If you are looking for ways to inventory your servers and find out which of them need to be updated, then the Exchange Server Health Checker may help you.
• Use the Exchange Update Wizard to upgrade your environment by selecting your current and target Cumulative Updates (CU) after determining the required updates.
• The SetupAssist script can assist you in troubleshooting any errors that may occur during the update installation process.
• There might be certain updates that you need to install on your Exchange server(s) in order to keep them up-to-date, so you should make sure that you do so.
• Ensure to update dependent servers, such as Active Directory, DNS, and other servers utilized by Exchange, prior to installing necessary updates.

There is never an end to the amount of security work that needs to be done in order to keep your Exchange environment secure. However, the Exchange Server update process is constantly being reviewed by Microsoft in order to find ways to simplify it and make it more reliable.

Network Security Checklist – Download Free E-Book