Microsoft recently discovered zero-day vulnerabilities in certain versions of Exchange. Check out this recent feature on PCTV to discover how this vulnerability could affect users like you, and what you should do about it.
Microsoft has reported the discovery of a series of zero-day vulnerabilities within its Exchange environment, for which they have released emergency security updates and patches.
Nexus IT Consultants’ CEO Earl Foote and Business Solutions Advisor Tara Anderson recently appeared on Mountain Connections PCTV to talk about this major security incident, and share tips for Exchange users:
These vulnerabilities are assumed to be the work of nation state-affiliated cybercriminals. The effects of these exploits could have serious consequences if left unaddressed. Vulnerabilities like these could potentially put thousands of email servers used by organizations around the world at risk of infection with a range of malware types.
Fortunately, these vulnerabilities have not been identified in all versions of Exchange. Exchange Online (hosted in Microsoft 365), for instance, was not affected by this incident.
The vulnerabilities only affect on-premise Exchange Servers 2010, 2013, 2016, and 2019, for which Microsoft released emergency patches. If you are using one of these versions, make sure to apply those updates right away.
Earl says, “Whatever type of entity you are, if you have Microsoft Exchange in any way shape or form, go and get the latest patches.”
However, Earl also noted that the patches alone will not solve the problem entirely. Organizations using Microsoft Exchange need to actually hunt threats like these in order to maintain their security. This means cycling out aging technology, and considering modern, cloud-based solutions.
Please note that Nexus is monitoring the situation as it develops. All necessary security updates have been applied to any potentially at-risk users.
We will keep an eye on the situation to ensure no new risks are posed to our client base. Rest assured that security remains a top priority for the Nexus team.
If you have any questions or concerns about this situation whatsoever, please get in touch with our team.