Critical Vulnerabilities Found on Exchange Server 2019, 2016, and 2013

Authored by: Mark Shaffer 

Microsoft has released security updates for Microsoft Exchange Server that address several vulnerabilities already being used in limited, targeted attacks. Because of the critical nature of these vulnerabilities, customers should apply the updates to affected systems immediately, both to protect against these exploits and to prevent further abuse across the ecosystem.

The vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.   

The identified vulnerable versions are:  

  • Microsoft Exchange Server 2013   
  • Microsoft Exchange Server 2016   
  • Microsoft Exchange Server 2019  

Microsoft Exchange Server 2010 is also being updated, for defense-in-depth purposes.

These vulnerabilities can be chained together into a single attack. The initial step requires the ability to make an untrusted connection to the Exchange server on port 443. Restricting untrusted connections, or placing the Exchange server behind a VPN so it is not reachable from the internet, mitigates only that initial step: the later stages of the chain can still be triggered by an attacker who already has access, or who convinces an administrator to run a malicious file. Network restriction is therefore a stopgap, not a substitute for the update.

We recommend installing the updates on externally facing Exchange servers first. All affected Exchange servers, internal ones included, should be updated.
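A practical first step is confirming which servers actually carry the March 2 security update. The following PowerShell is an added example, not code from the original post or from Microsoft. It assumes an Exchange Management Shell session with WinRM access to the servers, and the patched ExSetup.exe build numbers it lists are the ones Microsoft published for the March 2, 2021 security updates (KB5000871); verify them against Microsoft's Exchange build-number table before acting on the output. The function names `Test-ExchangeBuildPatched` and `Get-ExchangeSecurityUpdateStatus` are this example's own.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell as an Exchange administrator.
#
# Assumption: these are the minimum ExSetup.exe file versions that include the
# March 2, 2021 security update, keyed by the Cumulative Update base build.
# Check them against Microsoft's published build table before relying on them.
$PatchedBuilds = @{
    '15.2.792'  = [version]'15.2.792.10'    # Exchange 2019 CU8
    '15.2.721'  = [version]'15.2.721.13'    # Exchange 2019 CU7
    '15.1.2176' = [version]'15.1.2176.9'    # Exchange 2016 CU19
    '15.1.2106' = [version]'15.1.2106.13'   # Exchange 2016 CU18
    '15.0.1497' = [version]'15.0.1497.12'   # Exchange 2013 CU23
}

function Test-ExchangeBuildPatched {
    # Compare an installed ExSetup.exe version with the patched build for that
    # CU. Patched is $true/$false, or $null when the CU is not one the security
    # update applies to (the server must move to a supported CU first).
    param([Parameter(Mandatory)][version]$Installed)

    $cuKey   = '{0}.{1}.{2}' -f $Installed.Major, $Installed.Minor, $Installed.Build
    $minimum = $PatchedBuilds[$cuKey]

    [pscustomobject]@{
        Installed = $Installed
        Required  = $minimum
        Patched   = if ($null -eq $minimum) { $null } else { $Installed -ge $minimum }
    }
}

function Get-ExchangeSecurityUpdateStatus {
    # Get-ExchangeServer's AdminDisplayVersion reflects only the Cumulative
    # Update, not security updates, so read the file version of ExSetup.exe
    # on each server instead. ExchangeInstallPath is set by Exchange setup.
    param(
        [string[]]$ComputerName = (Get-ExchangeServer | Select-Object -ExpandProperty Name)
    )

    foreach ($server in $ComputerName) {
        $fileVersion = Invoke-Command -ComputerName $server -ScriptBlock {
            (Get-Command "$env:ExchangeInstallPath\bin\ExSetup.exe").FileVersionInfo.FileVersion
        }
        Test-ExchangeBuildPatched -Installed ([version]$fileVersion) |
            Add-Member -NotePropertyName Server -NotePropertyValue $server -PassThru
    }
}

# Constructed example: an Exchange 2016 CU19 server that has not received the
# March security update. Required comes back as 15.1.2176.9 and Patched as False.
Test-ExchangeBuildPatched -Installed '15.1.2176.4'

# Organization-wide report, unpatched and unknown-CU servers listed first.
Get-ExchangeSecurityUpdateStatus |
    Sort-Object Patched |
    Format-Table Server, Installed, Required, Patched -AutoSize
```

A `Patched` value of `$null` is not good news: it means the server is on a Cumulative Update that the security update does not target, so it cannot be patched until it is first brought up to a supported CU. Treat those servers, and any `False` results on externally facing hosts, as the first ones to fix.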

CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities | CISA 

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871) 


Kadian currently works with the Information Security Services Group as well as higher education group providing compliance services, outsourcing and co-sourcing engagements and information security assessments.
