Microsoft’s email software exploited by hackers compromising thousands of sites, globally (including Jersey and Guernsey!!)
12/03/2021
Channel Island businesses using Microsoft Exchange Server are being warned by Logicalis to watch out for malware, after a flaw in Microsoft’s email software was exploited by hackers compromising thousands of sites.
Microsoft has released patches to fix the vulnerabilities in the software; however, many systems were unfortunately compromised before the patch could be applied.
Originally, businesses were being targeted, but once the criminals found out the vulnerabilities would be patched, they upped their attacks and went after every Microsoft Exchange server that was on the internet.
The initial attacks, which began in the USA, have rippled throughout the world.
Many organisations have already been targeted, including financial services regulators such as the European Banking Authority. The US Government has blamed the hack on Hafnium, an organisation Microsoft claims is sponsored by the Chinese Government.
Tom Bale, Business Development and Technical Director, Logicalis, said:
- “Over 170,000 sites were vulnerable to this attack.
- While the attack may have started as an attempt to steal information from think tanks, higher education institutes, defence contractors, and infectious disease researchers in the USA, it has gone global.
- Organisations in the Channel Islands using Microsoft Exchange servers for emails are vulnerable. All internet facing Exchange servers should be patched if not already done so.
- “Unfortunately patching is too late if an organisation has already been compromised.
- You need to find out if your systems have been compromised and secure them appropriately. If these systems have been compromised, they need to be isolated, forensics applied and ultimately rebuilt.
- Being compromised is serious as data and credentials may have already been stolen.”
Software may have been compromised as early as January, with Microsoft warning of attacks to corporate and government servers and releasing updates earlier this month.
The four vulnerabilities disclosed by Microsoft do not affect Exchange Online, the cloud-based service used in Office 365 packages.
However, hackers may use stolen data to craft targeted phishing attacks on any business or organisation.
Tom said:
- “Attacks such as this remind us all we are vulnerable, whatever the size or location of our business or organisation.
- In some ways, this may prompt more organisations to move to cloud-based email servers with automated security and identity management to make monitoring and maintenance more straightforward.
- Even if your organisation has not been affected, everyone needs to be aware of the increased risk of phishing attacks because of the potential of mass data breaches.”
Microsoft’s Exchange Server team has released a script for IT administrators to check if systems are vulnerable to recently-disclosed zero-day bugs.
Microsoft has already released out-of-band emergency patches for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 but, in the light of ongoing cyberattacks exploiting the flaws, it has produced security updates for earlier versions of Exchange – something it usually doesn’t do.
The security updates for older versions of Exchange only address the four newly disclosed vulnerabilities that are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The issues affect on-premises Exchange servers.
Though patches for out-of-support Microsoft products are rare, Microsoft has been forced to issue them over the past five years to address global cyberattacks.
Microsoft notes that this security update for Exchange only addresses the four new vulnerabilities and does not mean those versions of Exchange, such as Exchange 2010 and earlier, are now supported. The patches are designed to update specific cumulative updates of Microsoft Exchange.
The patches released include updates for the following cumulative updates:
- Exchange Server 2010: https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2010-service-pack-3-march-2-2021-kb5000978-894f27bf-281e-44f8-b9ba-dad705534459
- Exchange Server 2013, 2016 and 2019: https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b