Date:11/03/21
Link to the relevant security updates:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar
Who are at risk?
Those who use versions of Exchange Server 2010, 2013, 2016, and 2019 and those who do not use the updates provided by the company.
Note: Exchange Online was not affected.
Threat: Personal data and network management control can be compromised by using vulnerabilities in the existing versions.
Measures required for implementation:
The current version of Exchange Server (especially with direct Internet access) should be updated promptly!
Systems or servers should be investigated for possible attacks. In this case, you can use the list of indicators of compromise (IoCs) identified by Microsoft in relation to the threat. You can get access to this list by following this link.
Note: Access to the Exchange server through port 443 may be temporarily blocked.
Further information can be found at the link below:
Microsoft Security Blog
If you encounter such cases or need methodological support, please contact the Electronic Security Service under the Ministry of Transport, Communications and High Technologies via the website www.cert.az or e-mail reports@cert.az.
Warning: Security vulnerabilities discovered in Microsoft Exchange Server products
It was found that hackers are actively exploiting security vulnerabilities in Microsoft Exchange Server products. The hackers used four vulnerabilities in Microsoft Exchange Server products to hijack email servers belonging to various organizations. The use of these security vulnerabilities allows unauthorized access to files and mailboxes on the system and on the server, as well as gaining access to the login information stored on that system. Moreover, it is possible to gain control of the corporate network by using loopholes. Note that on March 2, 2021, Microsoft released security updates to address vulnerabilities in Microsoft Exchange Server products.Link to the relevant security updates:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar
Who are at risk?
Those who use versions of Exchange Server 2010, 2013, 2016, and 2019 and those who do not use the updates provided by the company.
Note: Exchange Online was not affected.
Threat: Personal data and network management control can be compromised by using vulnerabilities in the existing versions.
Measures required for implementation:
The current version of Exchange Server (especially with direct Internet access) should be updated promptly!
Systems or servers should be investigated for possible attacks. In this case, you can use the list of indicators of compromise (IoCs) identified by Microsoft in relation to the threat. You can get access to this list by following this link.
Note: Access to the Exchange server through port 443 may be temporarily blocked.
Further information can be found at the link below:
Microsoft Security Blog
If you encounter such cases or need methodological support, please contact the Electronic Security Service under the Ministry of Transport, Communications and High Technologies via the website www.cert.az or e-mail reports@cert.az.
Views: 3443
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World