Microsoft says 92% of vulnerable Exchange servers patched, mitigated

Author : sssss1
Publish Date : 2021-03-28 14:08:40


Microsoft says 92% of vulnerable Exchange servers patched, mitigated

Following the discovery of Exchange server vulnerabilities, Microsoft had scrambled to release emergency patches. The initial patches were released for Exchange Server 2019, Server 2016, and Server 2013. The company acknowledged that the vulnerabilities were being used by cybercriminals for limited and targeted attacks.

Apart from patches, Microsoft also introduced a slew of mitigation tools. Just recently, it updated Microsoft Defender Antivirus to prevent critical vulnerabilities. Microsoft said the update would automatically block the CVE-2021-26855, one of the four vulnerabilities used for cyberattacks.

“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange,” the company had said.

According to reports, the Exchange server vulnerabilities were being used to target firms and organisations globally. Check Point Research said that a total of 32 firms in India were targeted. Researchers further revealed that the finance and the banking sector was the worst hit with 28% of the hacks followed by government and military (16%), manufacturing (12.5%), insurance and legal (9.5%). All other industries constituted the remaining 34%.

Despite the patches and mitigation tools, the Exchange server vulnerabilities may leave lasting damage. Microsoft has also acknowledged that patching a system does not necessarily remove the access of the attacker.

"Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions," the Microsoft 365 Defender Threat Intelligence Team said in a post.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

Following the discovery of Exchange server vulnerabilities, Microsoft had scrambled to release emergency patches. The initial patches were released for Exchange Server 2019, Server 2016, and Server 2013. The company acknowledged that the vulnerabilities were being used by cybercriminals for limited and targeted attacks.

Apart from patches, Microsoft also introduced a slew of mitigation tools. Just recently, it updated Microsoft Defender Antivirus to prevent critical vulnerabilities. Microsoft said the update would automatically block the CVE-2021-26855, one of the four vulnerabilities used for cyberattacks.

“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange,” the company had said.

According to reports, the Exchange server vulnerabilities were being used to target firms and organisations globally. Check Point Research said that a total of 32 firms in India were targeted. Researchers further revealed that the finance and the banking sector was the worst hit with 28% of the hacks followed by government and military (16%), manufacturing (12.5%), insurance and legal (9.5%). All other industries constituted the remaining 34%.

Despite the patches and mitigation tools, the Exchange server vulnerabilities may leave lasting damage. Microsoft has also acknowledged that patching a system does not necessarily remove the access of the attacker.

"Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions," the Microsoft 365 Defender Threat Intelligence Team said in a post.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

Following the discovery of Exchange server vulnerabilities, Microsoft had scrambled to release emergency patches. The initial patches were released for Exchange Server 2019, Server 2016, and Server 2013. The company acknowledged that the vulnerabilities were being used by cybercriminals for limited and targeted attacks.

Apart from patches, Microsoft also introduced a slew of mitigation tools. Just recently, it updated Microsoft Defender Antivirus to prevent critical vulnerabilities. Microsoft said the update would automatically block the CVE-2021-26855, one of the four vulnerabilities used for cyberattacks.

“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange,” the company had said.

According to reports, the Exchange server vulnerabilities were being used to target firms and organisations globally. Check Point Research said that a total of 32 firms in India were targeted. Researchers further revealed that the finance and the banking sector was the worst hit with 28% of the hacks followed by government and military (16%), manufacturing (12.5%), insurance and legal (9.5%). All other industries constituted the remaining 34%.

Despite the patches and mitigation tools, the Exchange server vulnerabilities may leave lasting damage. Microsoft has also acknowledged that patching a system does not necessarily remove the access of the attacker.

"Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions," the Microsoft 365 Defender Threat Intelligence Team said in a post.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

Following the discovery of Exchange server vulnerabilities, Microsoft had scrambled to release emergency patches. The initial patches were released for Exchange Server 2019, Server 2016, and Server 2013. The company acknowledged that the vulnerabilities were being used by cybercriminals for limited and targeted attacks.

Apart from patches, Microsoft also introduced a slew of mitigation tools. Just recently, it updated Microsoft Defender Antivirus to prevent critical vulnerabilities. Microsoft said the update would automatically block the CVE-2021-26855, one of the four vulnerabilities used for cyberattacks.

“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange,” the company had said.

According to reports, the Exchange server vulnerabilities were being used to target firms and organisations globally. Check Point Research said that a total of 32 firms in India were targeted. Researchers further revealed that the finance and the banking sector was the worst hit with 28% of the hacks followed by government and military (16%), manufacturing (12.5%), insurance and legal (9.5%). All other industries constituted the remaining 34%.

Despite the patches and mitigation tools, the Exchange server vulnerabilities may leave lasting damage. Microsoft has also acknowledged that patching a system does not necessarily remove the access of the attacker.

"Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions," the Microsoft 365 Defender Threat Intelligence Team said in a post.

https://daks2k3a4ib2z.cloudfront.net/605787b90e01ad359714dfb3/606075d434d3b86c9bbe6b4f_watch-attack-on-titan-season-4-episode-16.pdf
https://daks2k3a4ib2z.cloudfront.net/605787b90e01ad359714dfb3/6060762f116d4753b780fb73_watch-attack-on-titan-season-4-episode-16-deffa.pdf
https://daks2k3a4ib2z.cloudfront.net/605787b90e01ad359714dfb3/6060763e3975b0a4c9b7ebce_watch-attack-on-titan-season-4-episode-16-dgdfg.pdf
https://daks2k3a4ib2z.cloudfront.net/605787b90e01ad359714dfb3/6060766ee5454a34661facbe_watch-attack-on-titan-season-4-episode-16-dsgdsd.pdf
https://daks2k3a4ib2z.cloudfront.net/605787b90e01ad359714dfb3/60607670e1af7a172b599ec9_watch-attack-on-titan-season-4-episode-16-dvfdgs.pdf

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

 



Category : news

Meghan Markles Body Language During Oprah Interview Told a Different Story About the Queen, Body Language Expert Says

Meghan Markles Body Language During Oprah Interview Told a Different Story About the Queen, Body Language Expert Says

- Meghan Markles Body Language During Oprah Interview Told a Different Story About the Queen, Body Language Expert Says. That was epic you know?


Amazon Foundational CLF-C01 Exam Dumps

Amazon Foundational CLF-C01 Exam Dumps

- Get your certification done in first attempt with the best practice material in the form of PDF dumps and latest Online Engine on Certshero.


Handwritten Christmas Cards: a Perfect Gift Idea This Year

Handwritten Christmas Cards: a Perfect Gift Idea This Year

- With everyone now having social media, people started using instant messaging apps to send holiday greetings. Very rarely do handwritten cards get sent, but that makes them even more special.


Buy Finest Salesforce community-colud-consultant Study Material

Buy Finest Salesforce community-colud-consultant Study Material

- CertsLeads enables you to prepare your certification exams, Get most actual and updated exam questions PDF for passing the certifications exam in first attempt