Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit vulnerabilities in unpatched installs. The IT giant recommends installing the latest available Cumulative Update (CU) and Security Update (SU) on Exchange servers
“There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts.” reads the post published by Microsoft. “First, user mailboxes often contain critical and sensitive data. Second, every Exchange server contains a copy of the company address book, which provides a lot of information that is useful for social engineering attacks, including organizational structure, titles, contact info, and more. And third, Exchange has deep hooks into and permissions within Active Directory, and in a hybrid environment, access to the connected cloud environment.”
Threat actors can exploit vulnerabilities in unpatched installs to steal sensitive information contained in user mailboxes, gather intelligence on the target’s activity, or access the connected cloud environment.
After installing an update, administrators are recommended to perform some manual tasks, Microsoft recommends running Health Checker after installing an update to check for such tasks. Health Checker provides them with links to articles that provide step-by-step guidance.
The IT giant pointed out that mitigations are designed to provide temporary protection until an SU is available, however, they can become insufficient to protect against all variations of an attack, for this reason, it is essential to install applicable SU.
Below is the list of recommendations provided by the company:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Microsoft Exchange servers)