What you need to know
- Microsoft Exchange server situations have dominated the news in 2021.
- These situations often boil down to unpatched servers being targeted by threat actors.
- As a result, Microsoft is urging people to patch their servers.
Microsoft Exchange servers have had a long year. Between foreign attacks and cryptocurrency and ransomware schemes, Exchange can't catch a break. Hence why Microsoft is pushing out a PSA, reminding people to keep their servers patched and updated.
Following news surrounding the recent LockFile ransomware threat to MS Exchange, Microsoft has released a blog post entitled "ProxyShell vulnerabilities and your Exchange Server."
It specifically highlights ProxyShell vulnerabilities that may allow for ransomware deployment on unpatched Exchange servers. It mentions that anyone who's installed the May 2021 or July 2021 security updates should be fine, before outlining who's at risk.
According to Microsoft, you're at risk if any of these are accurate for your Exchange server(s):
- The server is running an older, unsupported CU (without May 2021 SU);
- The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
- The server is running an older, unsupported CU, with the March 2021 EOMT mitigations applied.
Microsoft reiterates that keeping servers updated with the latest security patches is essential. If you want to see a prime example of why the company is so serious about this topic, check out the recent report on China using stolen MS Exchange data for AI development. And that's the tip of the iceberg; between ransomware and crypto-threats, data theft is just one of many avenues malicious individuals are utilizing to exploit vulnerable Exchange servers.
Long story short: If you have unpatched Exchange servers, Microsoft advises you to fix that.
