
Microsoft is asking customers to apply its latest updates to protect Exchange Server from hackers who continue to target the platform to access corporate mailboxes and corporate address books for phishing.
“Attackers looking to exploit unpatched Exchange servers are not going away,” Microsoft’s Exchange team warns in an update.
“We know it’s critical to protect your Exchange environment, and we know it will never end,” the team added.
Redmond’s warning follows the Cybersecurity and Infrastructure Security Agency (CISA) earlier this month ordering federal agencies to fix Exchange bug CVE-2022-41080.
Microsoft released an update for the elevation of privilege flaw in November, and CrowdStrike researchers later discovered that attackers had combined it with CVE-2022-41082 – one of two ProxyNotShell bugs – to perform remote code execution.
Unpatched Exchange Server is a popular target due to the value of mailboxes and the fact that Exchange Server contains a copy of the corporate address book, which is useful for later phishing attacks, Microsoft notes. Additionally, Exchange has “deep hooks” in permissions within Active Directory and, in a hybrid environment, also gives an attacker access to the connected cloud environment.
To defend your Exchange servers against attacks exploiting known vulnerabilities, you “have to” install the latest supported Cumulative Update (CU), which is CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013, and the latest Security Update (SU), which is the January 2023 SU, according to Microsoft.
Because Exchange Server CUs and SUs are cumulative, administrators only need to install the latest ones. However, Microsoft recommends installing the latest CU and then checking whether any SUs were released after that CU.
Exchange Server came under particular scrutiny in early 2021 after Microsoft patched four zero-day flaws, known as ProxyShell, which were exploited by China-backed, state-sponsored attackers. This was the first time Google Project Zero had seen Exchange Server zero-days detected since it started tracking them in 2014.
Microsoft advises administrators to always run Health Checker after installing an update to check for manual tasks required after the update. Health Checker provides links to step-by-step guidance.
The tech giant also notes that it may release a mitigation for a known vulnerability before releasing an SU. The automatically applied option is the Exchange Emergency Mitigation Service and a manual option is the Exchange On-Premises Mitigation Tool.