Advice following Microsoft vulnerabilities exploitation

3 Mar 2021 04:11 PM

Urgent updates released for Exchange server vulnerabilities

Microsoft has made public that sophisticated actors have attacked a number of Exchange servers and in response have released multiple security updates for affected servers.

These updates have been released ahead of the monthly update cycle because four of the seven vulnerabilities have been used in limited targeted attacks. The security updates fix the vulnerabilities exploited in the initial attack.

Affected versions

The vulnerabilities affect Microsoft Exchange Server. The versions affected are:

Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

A defence in depth update for Microsoft Exchange Server 2010 has also been released.

Exchange Online is not affected.

Mitigation

The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest updates immediately.

More information about the security updates can be found on Microsoft's website.

The Microsoft Exchange Server team has published a blog about these updates, which provides a script to obtain an inventory of the patch-level status of Exchange servers on premises. It also assists with some basic questions about installing the security updates.

Further information, including IOCs and detections, can be found in the Microsoft blogs:

Conclusion

The NCSC strongly advises that organisations:

Read the guidance referenced in this alert
Install the necessary updates immediately
Stay informed of any future updates to the guidance from Microsoft (via the links above)

Any incidents affecting UK organisations should be reported to the NCSC via the website.