Critical vulnerabilities in the Exchange Email Server

Microsoft recently announced critical vulnerabilities in the Exchange Email Server product.

 
2000px-Microsoft_Exchange_2019-present.png
 

Exploits of these vulnerabilities can result in full compromise of an Exchange Server and/or unauthorized access of Exchange mailboxes. It is critical that companies act with all speed and due care in remediating this issue within their own environment and their supply chain.

To assist in identifying and triaging this issue within your vendor population, XeneX provides expert resources for forensic analysis, remediation and patching. XeneX utilizes the latest AI technology to identify if an environment is compromised and the remediation.

The individual Microsoft Exchange versions related to these vulnerabilities include:

  • OWA - Exchange Server 2010 SP3 (All updates)

  • OWA - Exchange Server 2013 CU23

  • OWA - Exchange Server 2016 CU18

  • OWA - Exchange Server 2016 CU19

  • OWA - Exchange Server 2019 CU7

  • OWA - Exchange Server 2019 CU8

In addition to the resources provided by XeneX, we also recommend customers utilize the detection and remediation tools provided by Microsoft and US-CERT:

Patches available through Microsoft:

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

Mitigations and Forensic indicators for Exchange Server:

https://us-cert.cisa.gov/ncas/alerts/aa21-062a

Microsoft Tool to Scan for IOC’s:

https://us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities

Please reach out to us with any questions you may have regarding this vulnerability.

Xenex Marketing

Los Angeles-based XeneX delivers one of the most deeply integrated, fully-managed Security Operations as a Service (SOS) in the cloud. Leveraging AI and delivered as a best-of-breed service, its xenexFoundation service is a proven, easy-to-use, flexible, and scalable cybersecurity solution for detection, response, and remediation. Clients get peace-of-mind with 24/7 management provided by a highly responsive global team of advanced security experts. Visit www.xenexsoc.com for more information today.

http://www.xenexsoc.com
Previous
Previous

TD SYNNEX and XeneX, Inc. Announce Distribution Partnership providing channel partners access to the award-winning XeneX SOC-as-a-Service solution.

Next
Next

AppSmart Partners with XeneX