Microsoft Exchange Vulnerabilities
A new email vulnerability online is being reported by Michigan State Police. According to a press release on Tuesday, the Michigan State Police, Michigan Cyber Command Center is warning those who host on-premises Microsoft Exchange servers of a newly identified, significant and active threat to network security. Microsoft Exchange is a platform used to host email services for many businesses and enterprises but Cloud-based Microsoft email is not affected by the vulnerabilities.
The newly discovered vulnerabilities allow a remote attacker to access vulnerable email servers, the emails stored on them, allow for the installation of additional malware, harvest passwords and facilitate long-term access to victim environments.
The vulnerabilities were discovered last week after security researchers uncovered multiple vulnerabilities with on-premises Exchange servers. Microsoft responded by releasing patches to fix the vulnerabilities but prior to the patches being made available, malicious actors had already begun to exploit them. Any organization hosting an on-premises Exchange server that has not been updated has a high likelihood of already being victimized.
As recommended by Microsoft and the Cybersecurity & Infrastructure Security Agency (CISA), the MC3 strongly encourages any agency utilizing an on-premise Microsoft Exchange server to take immediate action to install the patches and then work with their information technology team to investigate any potential unauthorized access to their servers.
Any entity in Michigan with evidence of a compromise related to this vulnerability or other malware activity is requested to report it to the MC3 at 877-MI-CYBER or the FBI’s Internet Crime Complaint Center at www.ic3.gov.