- What is AI networking? How it automates your infrastructure (but faces challenges)
- I traveled with a solar panel that's lighter than a MacBook, and it's my new backpack essential (and now get 23% off for Black Friday)
- Windows 11 24H2 hit by a brand new bug, but there's a workaround
- This Samsung OLED spoiled every other TV for me, and it's $1,400 off for Black Friday
- How to Protect Your Social Media Passwords with Multi-factor Verification | McAfee Blog
Microsoft: Update On-Premises Exchange Server Now
Microsoft has urged administrators of on-premises Exchange servers to keep them patched and updated, warning that attackers “are not going to go away.”
The tech giant’s Exchange Team advised in a blog post yesterday that customers install the latest available Cumulative Update (CU) and Security Update (SU) on all servers, and in some cases Exchange Management Tools workstations.
CUs are designed to streamline the patching process by bundling multiple fixes into a single update. SUs are installed on top of these.
Both are cumulative, so organizations only need to install the latest ones.
“You install the latest CU, then see if any SUs were released after the CU was released. If so, install the most recent (latest) SU,” Microsoft explained.
At the time of writing, the most recent versions are CU12 for Exchange Server 2019, CU23 for Exchange Server 2016 and CU23 for Exchange Server 2013, and the latest SU is the January 2023 SU.
“Attackers looking to exploit unpatched Exchange servers are not going to go away. There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts,” Microsoft warned.
“First, user mailboxes often contain critical and sensitive data. Second, every Exchange server contains a copy of the company address book, which provides a lot of information that is useful for social engineering attacks, including organizational structure, titles, contact info and more. And third, Exchange has deep hooks into and permissions within Active Directory, and in a hybrid environment, access to the connected cloud environment.”
Threat actors have exploited on-premises Exchange Server deployments multiple times in recent years, most notably in the ProxyLogon attacks of March 2021 and the targeting of ProxyNotShell bugs that were patched November 2022.
Microsoft urged system administrators to always run HealthChecker after installing an update to check if there are any additional manual tasks to perform.
Editorial credit icon image: monticello / Shutterstock.com
