IT admins, take note — Microsoft is urging administrators to apply security updates and enable Extended Protection immediately, after a number of Exchange Server flaws have been brought to its attention.
The company addressed 121 flaws in its security patch earlier this week. But they fear remote attackers could still exploit certain Exchange vulnerabilities to deliver malware, unless swift action is taken.
With the warning already garnering the attention of Cybersecurity and Infrastructure Security Agency (CISA), it's clear that Microsoft's message should be taken seriously. So, to prevent your Exchange Server from becoming compromised — and to avoid similar cyberattacks in the future — here's what you can do.
Exchange Bugs are Vulnerable to Attack, Microsoft Warns
Earlier this week, Microsoft conducted its ‘August 2022 Patch', where the company addressed a total of 121 flaws.
Out of the ‘fixed' security holes, 17 were classified as critical because they allow for remote code execution or elevation of privileges – including the ‘DogWalk Windows zero-day vulnerability', and several ‘Microsoft Exchange vulnerabilities', which grant attackers access to private user emails and passwords.
Despite efforts made by Microsoft's security team, the Exchange vulnerabilities still appear to be at risk of being exploited. This leaves many Microsoft users vulnerable to hackers, who could use phishing emails and chat messages to dupe them into accessing malicious servers.
“Microsoft analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability. Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited.” – Microsoft
In Microsoft's Exploitability Index, the company also warned that vulnerabilities of this kind could be subject to repeat attacks unless IT admins take necessary action. Luckily, there are steps you can take to protect your server. We outline them below.
How Can IT Admins Fix These Vulnerabilities?
Apply Microsoft's Latest Security Updates
The first course of action administrators can take is installing Microsoft's latest security updates.
The company has recently released updates for vulnerabilities found in Exchange Server 2013, 2016, and 2019. According to Microsoft, they are not currently aware of any active exploits in the wild, but would still advise admins to implement them immediately.
“Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment.” – Microsoft
For more information on these common vulnerabilities and exposures, you can refer to the company's Security Update Guide.
Enable Expanded Protection
Aside from applying the latest security updates, Microsoft is also urging admins to enable Extended Protection. Extended Protection is a security tool that enhances Windows Server authentication and helps to mitigate third-party attacks.
Microsoft has recently released a script to enable this feature, but they warn admins to carefully evaluate their environments before implementing the measure. Also, they note that the script must be run as Administrator in Exchange Management Shell on an Exchange Server in order to be effective.
Be Wary of Phishing Attacks
To exploit this type of vulnerability, victims need to be exposed to a malicious server first. Hackers use various phishing strategies to draw users in, including email, HTTPS phishing, and pop-up phishing.
To prevent these bad actors from gaining access to your company's server, we recommend configuring staff accounts by giving staff the lowest level of user rights. This way, if any workers fall victim to phishing attacks, the level of damage will be reduced.
It's also important to keep an eye out for unusual requests from unreliable sources —and to make sure your wider workforce remains skeptical online too. This way, hackers can be blocked at the gate and your private data can be kept secured.
For information on how to evade phishing attacks, and on how to stay safe online, read our top internet safety tips.