Microsoft is investigating a leak in the attack on Exchange Server


[2nd update 23.05 Hours]: Microsoft has made the quarterly Exchange update for Exchange Server 2016 and Exchange Server 2019 available for download. These CUs contain fixes for customer-reported issues as well as any previously released security updates.

  • Exchange Server 2019 Cumulative Update 9 (KB4602570)
  • Exchange Server 2016 Cumulative Update 20 (KB4602569)
  • You can find all further information and the download links on this page.

[Update 03/16/2021]: Microsoft has released a new one-click mitigation tool to help customers who don't have dedicated security or IT teams.

Microsoft wants to mitigate CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. Whether the vulnerabilities can be completely eliminated is again questionable.

You can read the instructions at your leisure here; the download is available on GitHub.

[Original, March 13, 2021]: The worldwide attack by hackers on Exchange servers has put Microsoft in serious trouble. In the meantime, it was even said that Microsoft knew about the leak but did nothing.

It looks like the mass attack came from an internal leak, as the Wall Street Journal now reports. Microsoft itself was aware of the error and wanted to release the update on March 9th, on Patch Day. The data had been communicated beforehand within the MAPP partner program (Microsoft Active Protections Program). The "proof of concept" attack code was also distributed to anti-virus companies and other security partners. Both happened on February 23rd.

The wave of attacks that began around February 28th showed similarities to exactly this "proof of concept" attack code. Microsoft was therefore forced to release the patch early, on March 2nd. But that wasn't enough to stop the wildfire.

The attack itself was started by hacker groups from China, who then infected computers running Microsoft's Exchange email software. An official Microsoft representative did not want to confirm or deny whether China had been informed within the MAPP partner program.

Microsoft is now looking for clues. The problem itself can no longer be stopped, but the investigation can help narrow down another leak. More information is available directly from Microsoft, now also in German.
