Industry News

Running Microsoft Exchange – Please take note

A recently found Microsoft Exchange Server vulnerability has been discovered. The vulnerability affects onsite implementations and if exploited it could give an attacker unauthorized access to and control of the network which would exist even after applying the necessary patches.

There have already been South African companies who have fallen victim to this attack.

Microsoft have released a patch to address the vulnerability (KB5000871). It is important to note that exploitation is widespread and indiscriminate, as such The Cybersecurity and Infrastructure Security Agency (CISA) advices that everyone using Microsoft Exchange on-premise products must:

  • Check for signs of compromise;
  • Immediately patch Microsoft Exchange with the vendor released patch; and
  • Upgrade to the latest supported version of Microsoft Exchange.

Click here for more guidance from Microsoft

Response to indicators of compromise is essential to remote attackers already on your network and must be accomplished in conjunction with measures to secure the Microsoft Exchange environment. Patching an already compromised system will not be sufficient to mitigate this situation; therefore, CISA strongly encourages partners to immediately disconnect any Microsoft Exchange systems suspected of being compromised.

For additional information click here to read an article from one of our investigation partners, AVeS.

We urge brokers to notify their clients and clients to check and ensure that the patch management processes are robust and critical patches such as those being released by Microsoft are applied as soon as they can be.

Patching remains critical, perhaps now more than ever before.

Africa: Top Risks for April 2021

The coming month is likely to see an intensification of militant activity in several areas, with an escalation in violence...

12 April 2021

MOZAMBIQUE: Cabo Delgano insurgency remains resilient despite drop in violence

Despite a drop in the frequency of attacks since the start of 2012, the Mozambican security forces have made little visible...

12 March 2021

SAHEL: France reshapes security engagement with task force Takuba

France has signaled that a shift is underway in its strategic approach in the Sahel, with the establishment of Task...

19 February 2021