Information Technology Navigator

Tips, Advice & Insights from Technology Pros

State-Backed Hackers Targeting All Exchange Servers

Posted by Steve Caprio

Tue, Mar 10, 2020


On February 11, 2020, Microsoft released a patch for Exchange Server that fixes a vulnerability pertaining to unauthorized access to the backend of the Exchange Control Panel. There is now confirmation from a source at the United States Department of Defense that multiple nation-state-backed actors, as well as ransomware gangs, are actively exploiting this vulnerability on unpatched systems. The vulnerability results from Exchange Server failing to create unique cryptographic keys at the time of installation. The hackers’ sophisticated exploits circumvent encryption, granting them full access to the server.
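One way to check for keys that are not unique per installation, as an added example that is not part of the original post. It assumes the keys in question are static `validationKey`/`decryptionKey` attributes of the ASP.NET `<machineKey>` element in each server's web.config (the post does not name them), and it runs on constructed sample configs with placeholder values; `Get-KeyFingerprint` and `Find-SharedMachineKey` are hypothetical helper names.

```powershell
# Added example: report machineKey values shared by more than one server.
function Get-KeyFingerprint {
    param([string]$Value)
    # Hash the key so the report never prints key material.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Value.ToUpperInvariant())
        $hash  = $sha.ComputeHash($bytes)
        return ([System.BitConverter]::ToString($hash) -replace '-', '').Substring(0, 16)
    } finally { $sha.Dispose() }
}

function Find-SharedMachineKey {
    param([hashtable]$ConfigByServer)   # server name -> web.config XML text
    $rows = foreach ($server in $ConfigByServer.Keys) {
        $xml = [xml]$ConfigByServer[$server]
        # local-name() keeps the match working if the config declares a namespace.
        $mk = $xml.SelectSingleNode("//*[local-name()='machineKey']")
        if ($null -eq $mk) { continue }
        foreach ($attr in 'validationKey', 'decryptionKey') {
            $value = $mk.GetAttribute($attr)
            # AutoGenerate means ASP.NET derives a per-machine key itself.
            if ([string]::IsNullOrEmpty($value) -or $value -like 'AutoGenerate*') { continue }
            [pscustomobject]@{
                Server      = $server
                Attribute   = $attr
                Fingerprint = Get-KeyFingerprint $value
            }
        }
    }
    # The same static key on several servers means it was not unique per install.
    $rows | Group-Object Attribute, Fingerprint | Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                Attribute   = $_.Group[0].Attribute
                Fingerprint = $_.Group[0].Fingerprint
                Servers     = ($_.Group.Server | Sort-Object) -join ', '
            }
        }
}

# Constructed sample data: placeholder strings, not real keys.
$samples = @{
    'EXCH01' = '<configuration><system.web><machineKey validationKey="PLACEHOLDER-A" decryptionKey="PLACEHOLDER-B" /></system.web></configuration>'
    'EXCH02' = '<configuration><system.web><machineKey validationKey="PLACEHOLDER-A" decryptionKey="PLACEHOLDER-C" /></system.web></configuration>'
    'EXCH03' = '<configuration><system.web><machineKey validationKey="AutoGenerate,IsolateApps" /></system.web></configuration>'
}
Find-SharedMachineKey -ConfigByServer $samples | Format-Table -AutoSize
```

On the sample data this reports one row: the `validationKey` shared by EXCH01 and EXCH02.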

It is imperative that the latest patches from February 11th be applied, as even a single unpatched Exchange instance puts you at risk.

Please see below for some key points:

  1. This applies to all Exchange versions, including Exchange 2010, which is EOL and is not receiving further patches or updates, making it even more important to accelerate the move to Office 365 or upgrade to newer Exchange versions.
  2. Multi-factor Authentication (MFA) across all user accounts will actually render the exploit useless, though it’s still critical for the patch to be applied, as other exploits could soon follow.

Need help getting this critical vulnerability quickly addressed? Daymark consultants can assist with this patching effort as well as make recommendations on how to further secure your Exchange environment. Contact us today if you need assistance mitigating this risk.

Here are a couple of articles from ZDNET and Zero Day Initiative that detail how hackers are exploiting Exchange servers.