BNMC Blog

Microsoft Exchange Server Vulnerabilities


As business owners, we are all keenly aware of how integral technology is in every industry these days. We have heard countless times how technology helps drive innovation and growth, improves communication in the organization, and increases your advantage over the competition. But new technology still has vulnerabilities. Recently, new security flaws were discovered in Microsoft Exchange Servers. We are running this post as a warning to anyone running Microsoft Exchange Servers.

Your Microsoft Exchange Server may be Vulnerable to Attack

We’re acutely aware of how many small businesses rely on these servers to augment their IT departments, and that means many small businesses are at risk. More than 60,000 companies and organizations have been compromised. This is a worldwide threat. Chinese hackers have been confirmed to be attacking and exploiting vulnerabilities in on-premises servers. Pay particular attention if you’re running Microsoft Exchange ’13, ’16, or ’19 on-site: these were the servers that were vulnerable to attack.

Attacks and Hacks

In January, Microsoft was made aware of what were labeled ‘zero-day’ bugs. These are flaws that are known to exist but have not yet been addressed. Once such weak spots are uncovered, there is a high probability of attacks and breaches, which makes them highly dangerous for organizations and businesses that hold sensitive data. On March 2nd, Microsoft released updates to repair the zero-day bugs and said that there had only been a limited number of targeted attacks. Despite these fixes and patches, there is still a huge potential for attacks on individual Exchange Servers. The remaining risk comes down to how aware organizations are of the patch and how quickly they install it: the number of victims grows as more and more hackers continue to target unpatched systems.

Who is behind these Hacks?

Microsoft initially reported that the zero-day vulnerabilities were exploited by Hafnium, a state-sponsored Chinese APT group. The group used the zero-day vulnerabilities to gain access to Exchange servers. With that access, the hackers can access email accounts and install malware, which creates long-term access for future breaches.

Hafnium has a reputation for targeting US entities in different sectors. Its targets have included NGOs, policy think tanks, defense contractors, higher education institutions, law firms, and infectious disease research facilities. Previously, the group compromised victims by exploiting vulnerabilities in internet-facing servers. Hafnium has used open-source frameworks such as Covenant, a legitimate piece of software, to control the servers. After gaining access to the victim’s network, the group usually uploads the stolen data to a file-sharing site.

Currently, Hafnium is often unsuccessful in its attempts to compromise customers’ accounts. Unfortunately, this doesn’t make the problem any less serious. You have to be aware that they are trying new attacks every day. Usually, if hackers want to find a way in, they will.

Other Group Threats 

Since the initial hacking by Hafnium, other groups have exploited the flaws in MS Exchange Servers. A published report identified at least 10 groups that are hunting down unpatched servers.

When Will we be Safe?

According to DIVD (the Dutch Institute for Vulnerability Disclosure), there are thought to be at least 46,000 un-patched servers still running that are at risk of being heavily exploited. Current estimates are that up to 40% of Exchange servers in the Netherlands are still open to attack.

Protect Your Business!

Check to see if your business uses Microsoft Exchange Servers. If you do, or if you’re not sure, keep reading. If you know you haven’t updated your Exchange Server recently, there are some things you should do immediately. First of all, passwords that are sitting in memory could be vulnerable, so you should immediately reset all passwords. Next, run the latest patch for your system. As a safety measure, you might want to change your passwords again after you run the patch. When breaches like this occur, you can’t be too safe.

Steps to Secure Your Server

There are several things you can do to enhance your protection:

  1. Patch your system with Microsoft updates.
  2. Reset all passwords and change all credentials.
  3. Double-check your backup device. Is the repository ok? Have you tested it?
  4. Verify your router. You should also check your security with your vendor. Ask them when they last updated their signatures.
  5. Scan for and investigate any malicious activities on your Exchange servers.
  6. And finally, if you are unsure about your network's safety, restore your Exchange server to a time before the compromises occurred.

If you are not sure what kind of servers you are using, or you need help running the update patch, that’s what we’re here for. We are happy to help you figure out if you’re at risk from this threat. To ease your mind, contact us today!

 
