Advisory 15

TLP Rating: White

Urgent Microsoft Exchange security update released.

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.

The CERTVU office would like to advise it’s constituents on possible critical vulnerabilities in Microsoft Exchange. Microsoft has released an urgent update for Exchange Server due to response to Exchange Servers being actively attacked by a sophisticated threat actor. Institutions and companies running Microsoft Exchange Servers are urged to patch these servers immediately.

What it means

Attackers are exploiting multiple vulnerabilities to gain access to Exchange Servers with SYSTEM privileges which can also lead to data exfiltration and network compromise.

Which Microsoft Exchange systems are Vulnerable?

The below Exchange Server versions affected:
MS Exchange 2010, MS Exchange 2013, MS Exchange 2016 and MS Exchange 2019.

 

Prevention

Immediately apply updates from Microsoft for the affected MS Exchange Server versions

References

1. https://www.cert.govt.nz/it-specialists/advisories/urgent-microsoft-exchange-securityupdate/?fbclid=IwAR3EAKTysVPPO9qmlkwyDy8d7LI6rJQzwk42N1iZWFMDmLj6sVPvZ Q-CgVQ
2. https://www.cert.govt.nz/it-specialists/advisories/urgent-microsoft-exchange-security-update/?fbclid=IwAR3EAKTysVPPO9qmlkwyDy8d7LI6rJQzwk