Pierluigi Paganini January 27, 2023

Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs.

Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit vulnerabilities in unpatched installs. The IT giant recommends installing the latest available Cumulative Update (CU) and Security Update (SU) on Exchange servers 

“There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts.” reads the post published by Microsoft. “First, user mailboxes often contain critical and sensitive data. Second, every Exchange server contains a copy of the company address book, which provides a lot of information that is useful for social engineering attacks, including organizational structure, titles, contact info, and more. And third, Exchange has deep hooks into and permissions within Active Directory, and in a hybrid environment, access to the connected cloud environment.”

Threat actors can exploit vulnerabilities in unpatched installs to steal sensitive information contained in user mailboxes, gather intelligence on the target’s activity, or access the connected cloud environment.

After installing an update, administrators are recommended to perform some manual tasks, Microsoft recommends running Health Checker after installing an update to check for such tasks. Health Checker provides them with links to articles that provide step-by-step guidance.

The IT giant pointed out that mitigations are designed to provide temporary protection until an SU is available, however, they can become insufficient to protect against all variations of an attack, for this reason, it is essential to install applicable SU.

Below is the list of recommendations provided by the company:

• Be sure to always read our blog post announcements, noting known issues and recommended or required manual actions. For CUs, always follow our guidance and best practices, and for SUs, use the Security Update Guide to find relevant information.
• Be sure to review our update FAQ in the article Why Exchange Server Updates Matter.
• Use the Exchange Server Health Checker to inventory your servers and see which Exchange servers need updates (CUs or SUs), and if any manual action needs to be taken.
• Once you know what updates are needed, use the Exchange updates step-by-step guide (aka the Exchange Update Wizard) to choose your currently running CU and your target CU and get directions for updating your environment.
• If you encounter errors during update installation, the SetupAssist script can help troubleshoot them. And if something does not work properly after updates, have a look at the Update Troubleshooting Guide, which covers the most common issues and how to resolve them.
• Be sure to install any necessary updates for Windows Server and other software that might be running on your Exchange server(s).
• Be sure to install any necessary updates on dependency servers, including Active Directory, DNS, and other servers used by Exchange.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Exchange servers)