Exchange: New vulnerabilities discovered and closed

G Data News

In mid-April there were again critical updates for Microsoft Exchange. As with Hafnium, experts strongly advise installing the patches. Unlike with Hafnium, however, this time the warning came from the American NSA.

On patch day in mid-April, Microsoft closed two critical security holes that affect locally installed (on-premises) instances of Exchange 2013, 2016 and 2019. These flaws allow arbitrary program code to be executed on an affected system. In contrast to the security flaws that the Hafnium group used, there are currently no indications that these flaws are being actively exploited, according to Microsoft.


Differences from the Hafnium vulnerabilities

This sets these two flaws apart from what happened in early March. At that time it emerged that Microsoft had known about those flaws for some time but had decided to close them only later. That plan was quickly revised once it became apparent that tens of thousands of Exchange servers around the world were being scanned for the vulnerabilities and attacked.

According to the release notes for the patches at hand, this time the warning came from the American National Security Agency (NSA). The information was passed on through Microsoft's existing vulnerability disclosure process.


“Apparently we were spared a second Hafnium this time. However, one thing is clear: when it comes to patching, speed makes the difference between a secure and an insecure network,” says Tim Berghoff, Security Evangelist at G DATA.

Admins should install updates quickly

Less than a month after a total of seven security flaws in Microsoft Exchange became known, accompanied by urgent warnings to install the updates promptly, there can be no talk of an all-clear. On the contrary: some successful attacks are only now becoming visible, for example through ransomware being installed on compromised systems.

What the events of March have in common with the current patch day is that the updates must be installed as quickly as possible. The reason is that once a patch becomes available, criminals and other attackers increasingly begin searching for vulnerable systems so that they can target those that remain unpatched.

More at GDATA.de



About G Data

With comprehensive cyber defense services, the inventor of antivirus software enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: with over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrust eV. G DATA offers a portfolio ranging from antivirus and endpoint protection to penetration tests and incident response, forensic analyses, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.

