New risks discovered in Microsoft Exchange

New risks discovered in Microsoft Exchange

Experts again strongly recommend to close the security cordon

[datensicherheit.de, 14.04.2021] By „Patch Tuesday” am 13. April 2021 There have been some significant updates to “Microsoft Exchange” – as well as Ium hafnium “ Experts strongly advised to install the patch. Unlike that security hole, however, the warning is The American NSA arrives.

g-data-tim-berghoff-2020

Photo: live figures

Tim Burgoff: Patching speed makes the difference between a secure and an insecure network!

The patch was affected by security vulnerabilities on Tuesday 13 April 2021 in Exchange 2013, 2016 and 2019

“On yesterday’s ‘Patch Day’, Microsoft closed two critical security holes that affect locally established instances of ‘Exchange’ in 2013, 2016 and 2019. These security gaps affect any program code affecting the system. Allow to execute on. “ Unlike safety gaps that “Hafnium” group However, according to Microsoft, there are currently no indications that the flaws are being actively exploited.
This separated both of these security intervals from the incident in early March 2021. At the time, it was discovered that these gaps had been known to Microsoft for a long time – but later it was decided to close them only. “A plan that was quickly revised after it became clear There were attacks on tens of ‘Exchange’ servers worldwide. And scanned specifically for weak points. “

US National Security Agency announces security vulnerabilities

According to the notes issued for the patch in hand, this time the warning has been received from the US National Security Agency (NSA). This information is about existing at Microsoft „Vulnerability Disclosure” Washed away.
“A hafnium for the second time” is ours this time Clearly spared. Nevertheless, one thing is clear: when it comes to patching, speed makes the difference between a secure and an insecure network “, Bett Tim Bergoff, Ev Security Evangelist ”B. G. GATA.

Install updates quickly to close security gaps!

“Microsoft Exchange” has less than a month after a total of seven security breaks and instant reminders are given to install updates immediately There is no question of the all-clear Ho. Conversely: Only now a few successful attacks became noticeable, for example through the installation of ransomware on hijack systems.
Burgoff: “The current ‘patchday’ in the events from March has generally been that the update has to be installed as soon as possible. The reason for this is that when a patch becomes available, the culprit and other Attackers doTo see vulnerable systems to be able to target unsafe systems. “

More information on the topic:

Zee Data Blog, Tim Burgoff, 14.04.2021
Microsoft Exchange: New Security Holes Discovered and Closed

datensicherheit.de, 15.03.2021
Microsoft Exchange Server: Endangered Server and Patching Speed ​​Define / Palo Alto Networks provides an extension platform to analyze attack surfaces such as the current Microsoft Exchange Server.

datensicherheit.de, 12.03.2021
Microsoft Exchange Server: Cyber ​​event timelines rebuild / build tens of thousands of sensitive Exchange servers within three days

datensicherheit.deIs up to 11.03.2021
Microsoft Exchange: Rhineland-Palatinate / Dozens Increase Data Breach Report in Interrogation and Report of Violation of Protection of Personal Data

datensicherheit.de, On 08.03.2021
Successful attack: More than ten thousand local Microsoft Exchange servers affected / Exchange Online service not affected – Thomas Zupp comments and suggests on the incident

datensicherheit.de, 03.03.2021
Microsoft Exchange: Zero-day intervals enable industrial espionage / locally installed versions of Microsoft Exchange are affected

More from Laurence Porter
FIFA 22: First 3 rule breaking cards issued – these are the strong players
The Rulebreakers event was officially announced at FIFA 22. Accordingly, the first...
Read More
Leave a comment

Your email address will not be published. Required fields are marked *