The latest Microsoft security updates address the vulnerabilities in:
The Critical remote code execution vulnerabilities were discovered by the NSA (U.S. National Security Agency) and are fixed in the latest Microsoft Exchange update. The CVEs are:
While there are no active exploits in the wild, customers are strongly advised to install these updates as soon as possible to secure their work environments. The U.S. CISA (Cybersecurity and Infrastructure Security Agency) states, “these vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action,” and hints at the underlying flaws of the previous updates. Step-by-step guides to installing the updates are available here: https://exupdatestepbystep.azurewebsites.net/
The most severe of the four vulnerabilities has a CVSS (Common Vulnerability Scoring System) score of 9.8/10, so prompt action is required from customers.
Use the Exchange Server Health Checker script to detect configuration issues that might affect performance. It also shows whether any Exchange servers are behind on CUs and SUs (cumulative or security updates).
Last month’s widespread Exchange hacks and new findings show that attackers are leveraging the ProxyLogon exploit to deploy malicious cryptominers onto Exchange servers. The payload is also being hosted on compromised Exchange servers.
Remote code execution
Install the latest patches available.