On the 2nd March, Microsoft released updates to fix security vulnerabilities in on-premises versions of Microsoft Exchange Server. According to the company, these vulnerabilities are being exploited in the wild and allow attackers both to read mailbox contents and to install further malware. A state-backed Chinese hacking group is believed to be behind these attacks. Usually this group targets US companies, but it has been reported that the attacks are now indiscriminate and ramping up, and that the vulnerabilities may also be used by other malicious actors.
If your company runs on-premises versions of Microsoft Exchange Server 2013, 2016 or 2019 (i.e. you own servers running Microsoft Exchange and you use Outlook Web Access), this is a very serious threat and you are likely to be targeted by the attack campaign. As a first priority, you should install the latest security patch and then look for signs of malicious activity. If one of your servers has already been compromised, the patch closes the vulnerabilities but does not remove any backdoors or other threats (malware, for example) that the attackers may have deployed, and rebuilding the server from scratch may be the safer option.
Microsoft has issued the following advice and recommendations on how to patch servers, mitigate the vulnerabilities if you are unable to patch, scan for vulnerable servers, and search for signs of compromise.