The attacks on Microsoft Exchange Server are currently a fluid situation. To help organizations protect themselves from exploits, Microsoft has now issued patches for versions of Exchange Server that are unsupported.
This round of patches follows fixes rolled out by the company for supported versions. Those already with patches are Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. With the latest round of security fixes, Microsoft is shoring up earlier Exchange versions.
These are versions of the service that had fallen out of support for being too old. That’s a rare move for Microsoft, but the gravity of the situation is clear with over 30,000 organizations compromised by the attacks.
By using remote backdoor access attacks against Microsoft Exchange Server, threat actors can access email accounts. 30,000 organizations have already been impacted by the vulnerability. All the critical vulnerabilities are found in Exchange Server 2019, 2016, and 2013. Only Exchange Online has escaped the flaw.
The vulnerabilities are as follows:
- CVE-2021-26855: CVSS 9.1
- CVE-2021-26857: CVSS 7.8
- CVE-2021-26858: CVSS 7.8
- CVE-2021-27065: CVSS 7.8
Prevention
Earlier today, we reported the Biden administration has set up a taskforce to monitor the attacks. Microsoft says updating Exchange Server is the best way to avoid the exploit. Furthermore, the company has launched a tool to help customers know if they have been breached.
Security researcher Krebs on Security (Christopher Krebs) says more than 30,000 companies in the U.S. alone have been hit by the attack. He adds most of these organizations are small businesses and governments:
“If your organization runs an [Outlook Web Access] server exposed to the internet, assume compromise between [February 26 and March 3].”
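The guidance above boils down to a triage decision per Exchange server: patch everything, and treat any internet-exposed Outlook Web Access server that was unpatched during the February 26 to March 3 window as compromised until investigated. The script below is an added example, not Microsoft's tool or anything from the original article; it applies that rule to a constructed server inventory. The inventory fields (`version`, `owa_internet_exposed`, `patched_on`) and the sample hostnames are assumptions for illustration, and the CVE/CVSS values and dates are the ones quoted in the article.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# CVEs and CVSS scores as listed in the article.
EXCHANGE_CVES = {
    "CVE-2021-26855": 9.1,
    "CVE-2021-26857": 7.8,
    "CVE-2021-26858": 7.8,
    "CVE-2021-27065": 7.8,
}

# "Assume compromise" window quoted from Krebs for internet-exposed OWA servers.
ASSUME_COMPROMISE_START = date(2021, 2, 26)
ASSUME_COMPROMISE_END = date(2021, 3, 3)

# Versions the article names as supported (patched in the earlier round);
# anything else is treated as an out-of-support version covered by the new patches.
SUPPORTED_VERSIONS = {"2013", "2016", "2019"}

# Ordering used when sorting findings: most urgent first.
PRIORITY_ORDER = {"investigate": 0, "patch": 1, "ok": 2}


@dataclass
class ExchangeServer:
    # Assumed inventory record (hypothetical fields, not a real Exchange API).
    name: str
    version: str                 # e.g. "2016" or "2010"
    owa_internet_exposed: bool   # is OWA reachable from the internet?
    patched_on: Optional[date]   # None if the Exchange fixes are not yet applied


@dataclass
class Finding:
    server: str
    priority: str   # "investigate", "patch" or "ok"
    reason: str


def exposed_during_window(srv: ExchangeServer,
                          start: date = ASSUME_COMPROMISE_START,
                          end: date = ASSUME_COMPROMISE_END) -> bool:
    """True if OWA was internet-reachable and unpatched on at least one day of the window.

    A server patched on day X is counted as protected from day X onward, so only
    a patch applied on or before the window's first day rules out exposure.
    """
    if not srv.owa_internet_exposed:
        return False
    if srv.patched_on is None:
        return True
    return srv.patched_on > start


def triage(servers: List[ExchangeServer]) -> List[Finding]:
    """Classify each server per the article's guidance, most urgent first."""
    worst_cvss = max(EXCHANGE_CVES.values())
    findings = []
    for srv in servers:
        if exposed_during_window(srv):
            state = "still unpatched" if srv.patched_on is None else f"patched {srv.patched_on}"
            findings.append(Finding(
                srv.name, "investigate",
                f"OWA exposed to the internet and unpatched between "
                f"{ASSUME_COMPROMISE_START} and {ASSUME_COMPROMISE_END} ({state}); "
                f"assume compromise and investigate before trusting the host"))
        elif srv.patched_on is None:
            support = ("supported" if srv.version in SUPPORTED_VERSIONS
                       else "out of support, patch now available")
            findings.append(Finding(
                srv.name, "patch",
                f"Exchange {srv.version} ({support}) unpatched; "
                f"highest CVSS among the four CVEs is {worst_cvss}"))
        else:
            findings.append(Finding(srv.name, "ok", f"patched on {srv.patched_on}"))
    # sorted() is stable, so inventory order is kept within each priority bucket
    return sorted(findings, key=lambda f: PRIORITY_ORDER[f.priority])


# Constructed sample inventory for demonstration only.
SAMPLE_INVENTORY = [
    ExchangeServer("mx-01", "2016", True, None),               # exposed, never patched
    ExchangeServer("mx-02", "2013", True, date(2021, 3, 5)),   # patched after the window
    ExchangeServer("mx-03", "2010", False, None),              # internal, out-of-support version
    ExchangeServer("mx-04", "2019", True, date(2021, 2, 25)),  # patched before the window
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"[{finding.priority:11}] {finding.server}: {finding.reason}")
```

The "investigate" bucket is deliberately placed above "patch": applying the fix to a host that was exposed during the window removes the vulnerability but does nothing about access an attacker may already have, which is the point of the "assume compromise" advice.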