Warning: Security vulnerabilities discovered in Microsoft Exchange Server products

It was found that hackers are actively exploiting security vulnerabilities in Microsoft Exchange Server products. The hackers used four vulnerabilities in Microsoft Exchange Server products to hijack email servers belonging to various organizations. The use of these security vulnerabilities allows unauthorized access to files and mailboxes on the system and on the server, as well as gaining access to the login information stored on that system. Moreover, it is possible to gain control of the corporate network by using loopholes. Note that on March 2, 2021, Microsoft released security updates to address vulnerabilities in Microsoft Exchange Server products.
 
Link to the relevant security updates:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar
 
Who are at risk?
 
Those who use versions of Exchange Server 2010, 2013, 2016, and 2019 and those who do not use the updates provided by the company.
 
Note: Exchange Online was not affected.
 
Threat: Personal data and network management control can be compromised by using vulnerabilities in the existing versions.
 
Measures required for implementation:
 
The current version of Exchange Server (especially with direct Internet access) should be updated promptly!
 
Systems or servers should be investigated for possible attacks. In this case, you can use the list of indicators of compromise (IoCs) identified by Microsoft in relation to the threat. You can get access to this list by following this link.
 
Note: Access to the Exchange server through port 443 may be temporarily blocked.
 
Further information can be found at the link below:
Microsoft Security Blog
 
If you encounter such cases or need methodological support, please contact the Electronic Security Service under the Ministry of Transport, Communications and High Technologies via the website www.cert.az  or e-mail reports@cert.az.
 
 
 

---