Security

Patch management is crucial to protect Exchange servers, Microsoft warns

Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs.

Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit vulnerabilities in unpatched installs. The IT giant recommends installing the latest available Cumulative Update (CU) and Security Update (SU) on Exchange servers 

“There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts.” reads the post published by Microsoft. “First, user mailboxes often contain critical and sensitive data. Second, every Exchange server contains a copy of the company address book, which provides a lot of information that is useful for social engineering attacks, including organizational structure, titles, contact info, and more. And third, Exchange has deep hooks into and permissions within Active Directory, and in a hybrid environment, access to the connected cloud environment.”

Threat actors can exploit vulnerabilities in unpatched installs to steal sensitive information contained in user mailboxes, gather intelligence on the target’s activity, or access the connected cloud environment.

After installing an update, administrators are recommended to perform some manual tasks, Microsoft recommends running Health Checker after installing an update to check for such tasks. Health Checker provides them with links to articles that provide step-by-step guidance.

The IT giant pointed out that mitigations are designed to provide temporary protection until an SU is available, however, they can become insufficient to protect against all variations of an attack, for this reason, it is essential to install applicable SU.

Below is the list of recommendations provided by the company:

  • Be sure to always read our blog post announcements, noting known issues and recommended or required manual actions. For CUs, always follow our guidance and best practices, and for SUs, use the Security Update Guide to find relevant information.
  • Be sure to review our update FAQ in the article Why Exchange Server Updates Matter.
  • Use the Exchange Server Health Checker to inventory your servers and see which Exchange servers need updates (CUs or SUs), and if any manual action needs to be taken.
  • Once you know what updates are needed, use the Exchange updates step-by-step guide (aka the Exchange Update Wizard) to choose your currently running CU and your target CU and get directions for updating your environment.
  • If you encounter errors during update installation, the SetupAssist script can help troubleshoot them. And if something does not work properly after updates, have a look at the Update Troubleshooting Guide, which covers the most common issues and how to resolve them.
  • Be sure to install any necessary updates for Windows Server and other software that might be running on your Exchange server(s).
  • Be sure to install any necessary updates on dependency servers, including Active Directory, DNS, and other servers used by Exchange.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Exchange servers)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

12 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

19 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.