Yesterday, Microsoft reported on a Chinese group launching attacks against on-premise Exchange Servers in the United States. These attacks gain access to an Exchange Server using stolen passwords or newly discovered vulnerabilities. The attackers then use a web shell to control the server remotely and steal data from the network. Targeted industries include infectious disease research, law firms, higher education, federal contractors, policy think tanks, and non-profit organizations. Microsoft’s announcement is found here: https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/
These vulnerabilities and attacks do not affect companies using Microsoft 365 to host their email in Exchange Online, nor do they affect companies using other email services like Gmail. But if you have a local on-premise Exchange Server 2013, 2016, or 2019, then read on.
Microsoft announced the release of Security Updates that patch the vulnerabilities being used in these attacks: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
LeeShanok recommends immediately applying these updates to both externally facing and internal Exchange Servers to protect your company data assets. Even if you are not in one of the targeted industries, your local Exchange Servers are still vulnerable.
Contact your LeeShanok Account Manager to discuss your situation and schedule a ticket to apply these updates. For our Hosted clients, the ticket will be covered if your Exchange runs on your hosted server. For our Managed IT clients, it will also be covered if your Exchange runs in your local on-premise network.