Microsoft: New vulnerabilities in Exchange Server

To protect users from hackers, Microsoft had to close security holes in Exchange servers again.

M.icrosoft has again to plug security gaps in its Exchange Server e-mail software with an update. The software group published updates for versions from 2013, 2016 and 2019 on April 13, 2021. They were also affected by vulnerabilities that Microsoft had already closed with an update in March 2021. The US National Security Agency (NSA) pointed out two new problems. We do not know of any malware that has already exploited the vulnerabilities, explained Microsoft. Nevertheless, the company recommended installing the updates immediately.

BSI recommends quick updates

The BSI also recommends that operators install the available patches as quickly as possible. In the US, the White House also directed government agencies to update their email servers immediately. Vice security advisor Anne Neuberger emphasized that the US government had reported the vulnerability to Microsoft because of its responsibility. Secret services are specifically looking for security holes in order to exploit them. In the USA there is a procedure in which it is weighed up whether a vulnerability could become too dangerous for the general public if an intelligence agency kept it to itself.

Tens of thousands of servers infected

According to estimates by IT security experts, the Exchange vulnerabilities that became known in March 2021 infected tens of thousands of e-mail servers worldwide. The attackers partially took advantage of the fact that the updates have to be installed manually ?? and not all Exchange customers responded quickly. According to Microsoft’s assessment, Chinese hackers initially exploited the four security holes from the March update. In the event of a successful attack via the vulnerabilities, it was possible to access data from the e-mail system. Only servers that companies operate themselves are affected by the Exchange security gaps. The online versions of the Exchange services were already protected. (With material from the dpa.)

Leave a Reply

Your email address will not be published. Required fields are marked *