A Microsoft Exchange Server vulnerability has recently been discovered. It affects on-site implementations and, if exploited, could give an attacker unauthorized access to and control of the network, and that access would remain even after the necessary patches are applied.
South African companies have already fallen victim to this attack.
Microsoft has released a patch to address the vulnerability (KB5000871). It is important to note that exploitation is widespread and indiscriminate; as such, the Cybersecurity and Infrastructure Security Agency (CISA) advises that everyone using Microsoft Exchange on-premises products must:
- Check for signs of compromise;
- Immediately patch Microsoft Exchange with the vendor released patch; and
- Upgrade to the latest supported version of Microsoft Exchange.
Further guidance is available from Microsoft.
Responding to indicators of compromise is essential to remove attackers already on your network and must be done in conjunction with measures to secure the Microsoft Exchange environment. Patching an already compromised system will not be sufficient to mitigate this situation; therefore, CISA strongly encourages partners to immediately disconnect any Microsoft Exchange systems suspected of being compromised.
We urge brokers to notify their clients, and clients to check that their patch management processes are robust and that critical patches, such as those being released by Microsoft, are applied as soon as they can be.
Patching remains critical, perhaps now more than ever before.