Organizations should review and digest the entirety of this guidance before taking action, as the specific order of actions taken to achieve the response objectives is situational and depends on the outcomes of the investigation. We are aware that there is a lot of detail to understand and are adding this summary of Microsoft’s guidance for security incident responders and Exchange administrators on what steps to take to secure their Exchange environments. Since these patches were released, we have published several articles and blog posts helping customers understand these vulnerabilities, and their exploitation patterns, and shared detailed guidance on how the malicious actors are exploiting these vulnerabilities and targeting customers. This means that mitigations such as restricting untrusted connections or setting up a VPN will only protect against the initial portion of the attack to change the attack surface or partially mitigate, and that patching is the only way to mitigate completely. The initial attack requires the ability to make an untrusted connection to the Exchange server, but other portions of the attack can be triggered if the attacker already has access or gets access through other means.
These vulnerabilities are being exploited as part of an attack chain. The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes. Exchange Online is not affected. On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to affected systems.
0 kommentar(er)
