Microsoft stresses the urgency of patching on-premises Exchange servers
Date: 27-01-2023
Microsoft today urged its customers to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU), so that they are always ready to deploy an emergency security update.
Tony Redmond, a Microsoft MVP (Most Valuable Professional), says the Exchange server update process is "simple" and recommends always running the Exchange Server Health Checker script after installing updates.
Editor's note: as for the simplicity of the Windows update process, everything is relative; many system administrators could dispute it with (very) good arguments.
The Exchange Server Health Checker script helps detect common configuration issues known to cause performance problems and other long-lasting issues that stem from a simple configuration change in an Exchange environment. It also gathers useful information about your server, speeding up the collection of the information most commonly needed about it.
Today's warning follows an earlier one in which Microsoft asked administrators to keep patching on-premises Exchange servers after it released emergency out-of-band security updates to fix the ProxyLogon vulnerabilities, which had been exploited in attacks two months before official patches were released.
As of March 2021, at least ten hacker groups were using ProxyLogon exploits for various purposes, one of them a Chinese state-sponsored threat group tracked by Microsoft as Hafnium.
To show the sheer number of organizations exposed to such attacks, the Dutch Institute for Vulnerability Disclosure (DIVD) found 46,000 servers still unprotected against the ProxyLogon vulnerabilities a week after Microsoft's security updates were released.
Most recently, in November 2022, Microsoft fixed another series of Exchange bugs known as ProxyNotShell, which allow privilege escalation and remote code execution on compromised servers, two months after in-the-wild exploitation was first detected.
To put things into perspective, earlier this month security researchers at the Shadowserver Foundation found that more than 60,000 Microsoft Exchange servers exposed online are still vulnerable to attacks leveraging ProxyNotShell exploits targeting the CVE-2022-41082 remote code execution (RCE) vulnerability.
To make matters worse, a Shodan search shows a huge number of Exchange servers exposed online, thousands of which are still waiting to be secured against attacks targeting the ProxyShell and ProxyLogon flaws, which were among the most exploited vulnerabilities of 2021 and 2022.