Four exploits found in Microsoft’s Exchange Server software have reportedly led to over 30,000 US governmental and commercial organizations having their emails hacked, according to a report by KrebsOnSecurity. Patches have been released by Microsoft, but security experts say that the detection and cleanup process will be a massive effort for the thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations that were affected.
According to Microsoft, the vulnerabilities allowed hackers to gain access to email accounts, and also gave them the ability to install malware that might let them back into those servers at a later time.
What Should You Do?
Microsoft has released several security updates to fix the vulnerabilities and suggests that they be installed immediately. The vulnerabilities affect Microsoft Exchange Server (2013, 2016, 2019); Exchange Online is not affected. We recommend installing updates on externally facing Exchange Servers first. All affected Exchange Servers should ultimately be updated.
If you are a BMT Managed Services client, these necessary updates have been made for you. If you are not, please contact us to learn what you can do to ensure your systems are secure.