Microsoft has warned administrators about serious security vulnerabilities in Exchange servers and is recommending that the patches be deployed. The vulnerability allows authenticated attackers to run code on vulnerable servers. How is that NCSC Malware links are sent via existing email communications. This tricked the victim into opening a document and thus installing malware. The “Quackbot” malware used in current cases contains a purpose-built module that can extract emails from an Outlook client with the stolen access data and upload them to a remote server, the NCSC continues.
The CVE-2021-42321 vulnerability affects Exchange 2013, 2016, and 2019, servers, as it did with Microsoft named. The group recommends performing updates immediately in order to protect your system. There are two ways to perform the update. With 2013, 2016, or 2019 versions, the November 2021 Security Update can be implemented directly. For all other Exchange servers, you must first install the supported console for your computer processor in order to perform the security update afterwards.
In September, Microsoft introduced a new Exchange Server feature called Microsoft Exchange Emergency Mitigation (EM), which provides automatic protection for vulnerable Exchange servers. The script automatically applies temporary mitigations to high-risk vulnerabilities to protect local servers from attack. In addition, these actions give administrators time to implement security updates.
If you want to read more about cybercrime and cyber security, Register here for the weekly newsletter from Swisscybersecurity.net. The portal contains daily news on current threats and new defense strategies.
“Prone to fits of apathy. Zombie ninja. Entrepreneur. Organizer. Evil travel aficionado. Coffee practitioner. Beer lover.”