On-premise Microsoft Exchange servers have been the target of increasing attacks over the recent weeks, with tens of thousands of servers being compromised.
Microsoft notes the target of these attacks were servers most often used by small and medium-sized businesses.
The attackers began as a nation-state attack but have now moved to be exploited by other criminal organizations, including new ransomware attacks, with the potential for other malicious activities.
Microsoft notes that due to the breadth of the attacks, the severity of these exploits meant protecting your systems was critical. Due to this, in addition to the regular software updates, Microsoft was also providing specific updates for older and out-of-support software with the intent to make it as easy as possible to quickly protect your business.
Microsoft advises the following actions:
- The first step is making sure all relevant security updates are applied to every system. Find the version of Exchange Server you are running and apply the update. This will provide protection for known attacks and give your organization time to update servers to a version that has a full security update.
- The next critical step is to identify whether any systems have been compromised and if so, remove them from the network. Microsoft has provided a recommended series of steps and tools to help
including scripts that will let you scan for signs of compromise, a new version of the Microsoft Safety Scanner to identify suspected malware, and a new set of indicators of compromise that is updated in real time and shared broadly. These tools are available now, and Microsoft encourages all customers to deploy them. - Finally, groups trying to take advantage of this vulnerability are attempting to implant ransomware and other malware that could interrupt business continuity. To best protect against this, Microsoft encourages all customers to review the ransomware guidance from the U.S. Cybersecurity Agency and Infrastructure Security as well as Microsofts own guidance on how to prepare for and protect against this sort of exploit.
Microsoft has been working with its partners to raise awareness about these critical updates and tools with more than 400,000 customers. Microsoft also continues to monitor these sophisticated attacks closely and work to support customers against these attacks.
Read more at Microsoft here.