Less than two weeks ago, Microsoft disclosed important information. According to the company, Chinese hackers were gaining access to organizations’ email accounts through vulnerabilities in its Exchange Server email software as well as issued security patches.
Based on the information provided by Microsoft, four vulnerabilities in its software allowed hackers to access servers for the popular email and calendar service. The tech giant urged customers to immediately update their on-premises systems with software updates.
Interestingly, the hack will probably stand out as one of the top cybersecurity events of the year. As a reminder, Exchange is still widely used around the world. Furthermore, this attack could lead companies to spend more money on security software to prevent future attacks. Moreover, it makes sense to move to cloud-based email instead of running their own email servers in-house.
It is worth mentioning that multiple U.S. government agencies are investigating the attack.
Microsoft and cybersecurity
Hopefully, IT departments are working on applying the patches. Nevertheless, that takes time, and the vulnerability is still widespread. As a reminder, at the beginning of the month, Microsoft released the information. According to the company, there were vulnerabilities in its Exchange Server mail and calendar software for corporate and government data centers. The tech giant released parches for 2010, 2013, 2016, and 2019 versions of Exchange.
Typically, Microsoft releases updates on Patch Tuesday, which occurs on the second Tuesday of each month. Nonetheless, the announcement about attacks on the Exchange software came on the first Tuesday. This decision underlines the importance of this issue. Moreover, the company took the unusual step of issuing a patch for the 2010 edition.
It is worth mentioning that hackers had initially pursued specific targets. Nevertheless, in February, they started going after more servers with vulnerable software that they could spot. According to the company, the main group exploiting vulnerabilities is a nation-state group based in China that it calls Hafnium. Interestingly, attacks on the Exchange software started in early January.
Hopefully, the four vulnerabilities Microsoft disclosed do not affect Exchange Online, Microsoft’s cloud-based email and calendar service.
The goal of the group that attacked Exchange software was to gain information from defense contractors, schools, and other entities in the U.S. Last but not least, the tech giant is encouraging customers to install the security patches it delivered last week. The tech giant is working hard to help customers. Companies, as well as individuals, should pay more attention to cybersecurity.