Sunday, July 21, 2024
EHA

Hackers Exploiting Unpatched Exchange Servers in The Wild

Microsoft has been strongly encouraging its customers to keep updating their Exchange servers, in addition to taking steps to ensure that the environment remains secured with robust security implementations.

While doing so, users can do the following things:-

The number of attacks against unpatched Exchange servers will not diminish as long as unpatched servers remain unpatched. The unpatched environment of on-premises Exchange provides threat actors with too many opportunities for exfiltrating data and committing other illegal activities.

Numerous security flaws in Exchange Server have been uncovered in the past two years, leading to widespread exploitation in some cases.

Updating Unpatched Exchange Servers

Microsoft stresses that their security measures are temporary fixes and may not defend against all attack variations, thus requiring users to update security through provided updates.

Recent years have seen Exchange Server become an advantageous target for attackers due to numerous security vulnerabilities that have been exploited as zero-day attacks to penetrate systems.

Ensure the protection of your Exchange servers from exploits targeting recognized vulnerabilities by installing the latest cumulative update and the most recent security update that is supported.

The cumulative updates are available for:-

  • CU12 for Exchange Server 2019
  • CU23 for Exchange Server 2016
  • CU23 for Exchange Server 2013

The available security update:-

  • January 2023 SU

The cumulative updates and security updates for Exchange Server are cumulative, which means that only the most recent one needs to be installed.

It’s crucial to run Health Checker post-update installation to identify any manual tasks required by the admin. Using Health Checker, you can access step-by-step guides and articles that provide you with all the information you need.

Recommendations

Here below we have mentioned all the recommendations offered by Microsoft:-

  • Always pay attention to the blog post announcements that Microsoft publishes, to keep informed of known issues and any manual actions Microsoft recommends or requires.
  • Make sure that you always review the FAQ before installing an update.
  • If you are looking for ways to inventory your servers and find out which of them need to be updated, then the Exchange Server Health Checker may help you.
  • Use the Exchange Update Wizard to upgrade your environment by selecting your current and target Cumulative Updates (CU) after determining the required updates.
  • The SetupAssist script can assist you in troubleshooting any errors that may occur during the update installation process.
  • There might be certain updates that you need to install on your Exchange server(s) in order to keep them up-to-date, so you should make sure that you do so.
  • Ensure to update dependent servers, such as Active Directory, DNS, and other servers utilized by Exchange, prior to installing necessary updates.

There is never an end to the amount of security work that needs to be done in order to keep your Exchange environment secure. However, the Exchange Server update process is constantly being reviewed by Microsoft in order to find ways to simplify it and make it more reliable.

Network Security Checklist – Download Free E-Book

Website

Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles