Site icon TechNewsBoy.com

Microsoft warning: Protect this critical piece of your tech infrastructure

Image: Getty Images

Microsoft is telling customers to apply its latest updates to shield Exchange Server from hackers that keep targeting the platform to access corporate mailboxes and nab company address books for phishing. 

“Attackers looking to exploit unpatched Exchange servers are not going to go away,” Microsoft’s Exchange team warns in an update

“We know that keeping your Exchange environment protected is critical, and we know it’s never ending,” it added. 

Also: How to tighten your security in Microsoft Edge

The warning from Redmond follows the Cybersecurity and Infrastructure Security Agency (CISA) earlier this month, ordering federal agencies to patch the Exchange bug CVE-2022-41080

Microsoft released an update for the elevation of privilege flaw in November, and researchers at CrowdStrike later found that attackers had combined it with CVE-2022-41082 — one of the ProxyNotShell pair of bugs — to achieve remote code execution.  

Unpatched Exchange Server is a popular target because of the value of mailboxes and the fact that Exchange Server contains a copy of the company address book, which is useful for subsequent phishing attacks, Microsoft notes. Additionally, Exchange has “deep hooks” into permissions within Active Directory, and, in a hybrid environment, also gives an attacker access to the connected cloud environment. 

To defend your Exchange servers against attacks that exploit known vulnerabilities, you “must” install the latest supported cumulative update (CU), which is CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013, and the latest security update (SU), which is the January 2023 SU, Microsoft says. 

Admins only need to install the latest Exchange Server CUs and SU because they’re cumulative updates. However, it recommends installing the latest CU and then checking to see if any SUs were released after the CU was released. 

Exchange Server came into focus in early 2021 after Microsoft patched four zero-day flaws, known as ProxyShell, which were exploited by China-backed, state-sponsored attackers. It was the first time Google Project Zero had seen Exchange Server zero days detected since it began tracking them in 2014.    

Microsoft is advising admins to always run Health Checker after installing an update to check for manual tasks required after the update. Health Checker provides links to step-by-step guidance.

Also: Cybersecurity staff are struggling. Here’s how to support them better

The tech giant also notes that it may release a mitigation for a known vulnerability ahead of releasing an SU. The automatically applied option is the Exchange Emergency Mitigation Service, and a manual option is the Exchange On-Premises Mitigation Tool

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version