TOP > Security > On-premise version of Microsoft Exchange, protection …
Related categories: Apps/OS
Microsoft’s monthly update program, which began to be provided on January 10, fixed 98 security issues, an unusual number, and IT administrators were busy checking and responding to the contents early in the new year. . Among the fixes this time was a zero-day vulnerability that was confirmed to be in the wild.
Credit: Pashaignatov / Getty Images
During this period, there are many opportunities for various considerations, both short-term and long-term, such as current product composition and future budget allocation. This time, I would like to consider on-premises Exchange Server. Email is the most basic business communication tool. Is your current Exchange Server fully equipped to defend against emerging threats?
Attackers target on-premises Exchange Server
In the past, it was common for Exchange Server to run on-premises, but with the advent of the cloud era such as Azure, Microsoft has also embarked on the development of a cloud version of Exchange. Previously, the on-premises and cloud versions had similar features and common security and vulnerability issues.
Now, however, there is a gap in the resources Microsoft is investing in the on-premises versions of Exchange and Azure. In April 2022, the company added the on-premises version of Exchange Server within the support period to the bug bounty program. As a result, both researchers and attackers alike have turned Exchange Server on its head. Over the past few months, we’ve seen a number of attacks, including unauthorized access to networks and ransomware attacks, exploiting vulnerabilities in unpatched or incomplete Exchange Servers.
Attackers are finding that it’s not easy to deal with vulnerabilities properly. For example, there are many environments where vulnerabilities remain even after Microsoft’s patch has been provided, such as the Exchange Server vulnerability “ProxyShell”. Among the multiple vulnerabilities that make up ProxyShell, “CVE-2021-31207” was patched in May 2021, but the ransomware “Cuba” that is still being attacked exploiting vulnerabilities. In addition, the monthly patch provided in January 2023 also includes fixes for vulnerabilities such as privilege escalation in Exchange Server, so it is essential to respond.