Microsoft has experienced significant growth in its user base since the pandemic started. Its user base for Microsoft Exchange and Teams jumped from 44 million active users to over 75 million active users. 52% of users use on-premise Microsoft Exchange, while 48% use cloud-hosted Microsoft Exchange. With millions of users relying on Exchange for their day-to-day business operations, it has become standard to take its cybersecurity for granted.
The Cybersecurity and Infrastructure Security Agency (CISA) released a report outlining the vulnerabilities it detected in Microsoft Exchange. Microsoft has lengthy contracts with the federal government, so vulnerabilities in its Exchange product pose significant national security risks. CISA told federal officials to take immediate steps to address the vulnerabilities mentioned.
What are the vulnerabilities?
The vulnerabilities mentioned are relevant to companies using on-premise Exchange. Microsoft issued a press release following the findings and said that cyber attacks were ongoing. Microsoft recommended that users patch the affected systems immediately.
The vulnerabilities specifically mentioned by Microsoft included:
- CVE-2021-26855
- CVE-2021-26857
- CVE-2021-26858
- CVE-2021-27065
These vulnerabilities open the door for hackers to gain network control over Exchange users. They affect users running Exchange on-premise; those using cloud-based Exchange are not affected. If a company does not address these vulnerabilities, hackers can gain access to servers and networks and keep it even after updates/patches are applied.
What should companies using Microsoft Exchange on-premise products do?
Check for signs of compromise: Microsoft recommends scanning Exchange logs to check for signs of compromise. Microsoft provides a script that Exchange users can run to see if they have been compromised. If your business has been compromised, you need to act urgently or it can be compromised even further.
Upgrade to the latest version of Exchange: Microsoft has addressed the vulnerabilities in their latest version of Exchange. If you upgrade to the latest version, it will cover the majority of the on-premise vulnerabilities. This will take some time, so it’s important to prepare beforehand.
Patch: Lastly, you should immediately patch Microsoft Exchange. This can be done with a vendor-released patch. If you are unable to patch Exchange, you should immediately remove the products from the network. This is because exploitation of the vulnerabilities prior to the patch installation will result in persistent control by hackers after the patch. This is the worst-case scenario, so it’s important to patch Exchange immediately.