Following the discovery of the Exchange Server vulnerabilities, Microsoft scrambled to release emergency patches. The initial patches were released for Exchange Server 2019, Server 2016, and Server 2013. The company acknowledged that the vulnerabilities were being used by cybercriminals for limited and targeted attacks.
Apart from patches, Microsoft also introduced a slew of mitigation tools. Just recently, it updated Microsoft Defender Antivirus to guard against the critical vulnerabilities. Microsoft said the update would automatically block CVE-2021-26855, one of the four vulnerabilities used in the cyberattacks.
“The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange,” the company had said.
According to reports, the Exchange Server vulnerabilities were being used to target firms and organizations globally. Researchers revealed that the finance and banking sector was the worst hit, with 28% of the hacks, followed by government and military (16%), manufacturing (12.5%), and insurance and legal (9.5%). All other industries constituted the remaining 34%.
Despite the patches and mitigation tools, the Exchange server vulnerabilities may leave lasting damage. Microsoft has also acknowledged that patching a system does not necessarily remove the access of the attacker.
“Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions,” the Microsoft 365 Defender Threat Intelligence Team said in a post.