Microsoft Exchange, predecessor of the cloud offering “Exchange Online” and then “Microsoft 365”, is a mail server and a calendar, contact and task manager intended for companies.
On March 3rd, the American CISA (Cybersecurity and Infrastructure Security Agency) issued a warning about 4 zero-day* vulnerabilities that were being actively exploited by a group of hackers -> CISA’s original post
Those 4 vulnerabilities, named ProxyLogon, allowed attackers to bypass authentication and impersonate the admin on the servers, letting them run any command they wished. As far as we know, around 20,000 to 30,000 companies have been attacked, mainly in the U.S., but some publications say that European and Asian companies have been targeted too.
As a leader, well established in both businesses and homes, Microsoft is a recurring target for hackers looking to reach a vast number of potential victims.
Nonetheless, it is reassuring to see how quickly Microsoft reacted to patch those vulnerabilities and provide tools to check our environments.
Indeed, in addition to corrective patches, Microsoft has provided a script to check the security of your servers.
The script can be downloaded via Microsoft’s GitHub -> Here.
So if you’re an admin and your company uses Microsoft Exchange, don’t wait any longer: install the security updates and run this script!
* A “zero-day” vulnerability is a flaw that was unknown, undocumented/unpublished, and for which no fix exists yet.