On Tuesday, 3/2/2021, Microsoft Corp. released fixes to plug four security holes that attackers have been using to exploit Microsoft Exchange Server 2013, 2016 and 2019. The company says all four flaws are being actively exploited as part of a complex attack chain deployed.
Jen Psaki, White House press secretary, said last Friday that there was currently an “active threat” from hackers exploiting four flaws in Microsoft’s Exchange email application, which the tech group disclosed earlier this week.
“This is a significant vulnerability that could have far-reaching impacts,” Psaki said. “We are concerned that there are a large number of victims and are working with our partners to understand the scope.”
Brian Krebs, a cybersecurity researcher, claimed in a blog post last Friday that at least 30,000 organizations “including a significant number of small businesses, towns, cities and local governments” had been hacked in the past few days following Microsoft’s disclosure, citing multiple sources briefed on the matter.
By now your IT group should have already informed you that they know about the vulnerability and are working on it. If not, companies should immediately ask their IT group to audit their Exchange servers and bring them in line with the released updates. While the vulnerabilities do not affect Microsoft 365 services, companies often leave Exchange servers set up to work in conjunction with Microsoft 365, which leaves the vulnerability present.
As technology continues to evolve, so does the need for strategic guidance. That’s why for the last 18+ years, Thriveon has deployed an approach that proactively eliminates IT risk and supports business growth.