Serious vulnerability in Microsoft Exchange servers

Critical leaks have come to light in Microsoft Exchange Server versions 2016 and 2019. Microsoft has now made updates available to resolve this vulnerability. It is important to take action on this because the risk of abuse is considerable.

The risk with this type of vulnerability is that cyber criminals gain system rights and can take over the entire server. An authenticated attacker can execute code with system privileges by sending an email. An attacker who has been authenticated can already log in to an Exchange server.cy with an email account

Exchange is used by Microsoft as a mail server to send and receive emails, with its own domain name (read: company) as sender. Many companies nowadays work in the cloudThink of Gmail or Office 365, but a significant number of companies still run their own mail server.

To resolve the problem, it is important that the IT service provider is contacted. This can then check whether the available update has already been performed. If this is not the case, it is recommended to do this as soon as possible.

More technical details about the update and the discovered vulnerability can be found on the Microsoft website. For more background, we would like to refer to the website Digital Trust Center.

Finally, we would like to draw your attention to our FHI interaction Cybersecurity meeting on October 16, 2020. For more information and registration, see: https://fhi.nl/agenda/interactie-tussen-branches-cybersecurity/