[ad_1]
Microsoft is telling customers to apply the latest updates to protect against hackers targeting the platform to access corporate mailboxes and raid company address books.
“Attackers looking to exploit unpatched Exchange servers are not going away,” Microsoft’s Exchange team warned in an update.
“We know that protecting your exchange environment is critical, and it will never end,” he added.
Also: How to strengthen your security in Microsoft Edge
Redmond’s warning follows the Cybersecurity and Infrastructure Security Agency (CISA) earlier this month ordering federal agencies to fix the Exchange bug CVE-2022-41080.
Microsoft released a patch to fix the privilege flaw in November, and researchers at CrowdStrike later confirmed that attackers exploited CVE-2022-41082 — one of a pair of ProxyNotShell bugs — for remote code execution.
Unpatched Exchange Server is a popular target due to the value of mailboxes and the fact that Exchange Server has a copy of the company’s address book, which is useful for future phishing attacks, Microsoft said. Exchange also has “deep hooks” into Active Directory, and in a hybrid environment, it also gives an attacker access to the connected cloud environment.
To protect your Exchange servers against attacks that exploit known vulnerabilities, you “should” It includes the latest supported cumulative update (CU12), CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013, and the latest security update (SU), which is the January 2023 SU, Microsoft says.
Administrators only need to install the latest Exchange Server CUs and SUs because they are cumulative updates. However, it is recommended to install the latest CU and see if any SUs have been released since that CU was released.
Microsoft turned its attention in early 2021 to four zero-day vulnerabilities known as proxyshells that were used by state-sponsored attackers in China. This is the first time that Exchange Server has had zero days since Google started tracking Project Zero in 2014.
Microsoft is recommending that administrators always run Health Checker after installing an update to check for manual actions required after the update. Health Checker provides links to step-by-step instructions.
as well – Cyber security workers are struggling. Here’s how to support them better
The tech giant also revealed that it may release mitigations for known vulnerabilities before releasing SU. The automated option is Exchange Emergency Mitigation Services, while the manual option is an on-premises Exchange Mitigation Tool.
[ad_2]
Source link