EXECUTIVE SUMMARY:

Experts state that an ‘increasing range’ of cyber attacks are exploiting the vulnerabilities in Microsoft Exchange servers. The DearCry ransomware is ravaging systems that haven’t applied updates. As many as 82,000 servers worldwide haven’t received due attention.

In the UK, a recent alert from the National Cyber Security Centre (NCSC) urges all organizations using Exchange servers to apply the patches where relevant. More than 3,000 organizations operating within the country are considered vulnerable to attack.

If organizations remain unable to install updates, the NCSC recommends alternative procedures. Any untrusted connections to Exchange server port 443 should be blocked. Organizations should also maintain configurations that allow remote Exchange server access only via VPN.

In the US, the White House commented that organizations have “hours, not days” to improve their security. Select private sector groups have been invited to participate in a task force concerning the Exchange server exploits.

What are the chances of a compromise?

High enough that Microsoft recommends scanning your system for signs of trouble even if you have already patched. Conducting a scan could enable you to spot a breach that could otherwise worsen tenfold. Microsoft has released a script on GitHub that can be used to determine whether servers show signs of potential compromise. There’s also a new one-click mitigation tool available.

Microsoft’s one-click mitigation tool

For organizations that still need to apply security patches, Microsoft has just released a brand new tool. “The tool can be run on existing Exchange servers and includes Microsoft Safety Scanner as well as a URL rewrite mitigation for CVE-2021-26855, which can lead to remote code execution (RCE) attacks if exploited,” reports ZDNet.

Microsoft states that this tool is effective for Exchange Server 2013, 2016 and 2019 deployments. Nonetheless, it’s not guaranteed to prevent future attack types. The company writes:

“This tool should only be used as a temporary mitigation until your Exchange servers can be fully updated as outlined in our previous guidance. We recommend this script over the previous ExchangeMitigations.ps1 script…if you have already started with the other script, it is fine to switch to this one.”

“Microsoft is deeply committed to supporting our customers against these attacks, to innovating on our security approach, and to partnering closely with governments and the security industry to help keep our customers and communities secure,” stated a company spokesperson.

For more on the attacks exploiting Microsoft Exchange Servers, visit ZDNet.