BSI recommends quick updates
The BSI also recommends that operators install the available patches as quickly as possible. In the US, the White House also directed government agencies to update their email servers immediately. Vice security advisor Anne Neuberger emphasized that the US government had reported the vulnerability to Microsoft because of its responsibility. Secret services are specifically looking for security holes in order to exploit them. In the USA there is a procedure in which it is weighed up whether a vulnerability could become too dangerous for the general public if an intelligence agency kept it to itself.
Tens of thousands of servers infected
According to estimates by IT security experts, the Exchange vulnerabilities that became known in March 2021 infected tens of thousands of e-mail servers worldwide. The attackers partially took advantage of the fact that the updates have to be installed manually ?? and not all Exchange customers responded quickly. According to Microsoft’s assessment, Chinese hackers initially exploited the four security holes from the March update. In the event of a successful attack via the vulnerabilities, it was possible to access data from the e-mail system. Only servers that companies operate themselves are affected by the Exchange security gaps. The online versions of the Exchange services were already protected. (With material from the dpa.)