On March 2, 2021, Microsoft urgently released an update for Exchange Server 2010, 2013, 2016, and 2019 to address four critical vulnerabilities.
In the published article, Microsoft says that these vulnerabilities can be used against large companies worldwide. Attackers gain remote access to Exchange servers, and from there they can download critical data, including the entire mailbox.
At the same time, Microsoft claims that only services deployed inside the infrastructure are threatened. Exchange Online is not at risk.
Let’s figure out what these vulnerabilities are and how to defend against attacks.
Attackers often use a combination of the mentioned CVEs. The result is a complex attack that allows attackers to steal important data and seriously harm company operations.
We offer comprehensive protection for web applications, sites, and servers. We’ll protect your system even against complex attacks that exploit Microsoft Exchange Server vulnerabilities.
Our protection is based on our own traffic filtering centers. All requests to your servers, including requests to MS Exchange services, pass through our platform and are analyzed.
If the system detects anomalies or incorrect data, the request is immediately blocked. This prevents attackers from entering the system, running malicious code, or downloading data.
2. Deny unauthorized access to Exchange servers through port 443. Since cybercriminals penetrate servers through this specific port, such a measure will help stop an attack at its first stage. You can also prohibit all connections from outside the corporate network.
But this method will only help against new attacks and will be useless if malefactors have already infiltrated your servers.
3. Use the PowerShell script that Microsoft released specifically to look for signs that your servers have been attacked through these vulnerabilities.
To test whether attackers have infiltrated your servers, you need to manually run commands in the Exchange HTTP Proxy logs, Exchange log files, and Windows application event logs.
If you want to check all MS Exchange servers, to use this command:
Get-ExchangeServer | .\Test-ProxyLogon.ps1
You can check the local server using the following command:
If you want to save the results of the check, add the following command to the ones listed above:
If you are checking all Exchange servers and want to save the results, the command would look like this:
Get-ExchangeServer | .\Test-ProxyLogon.ps1 -OutPath $home\desktop\logs
4. Use the nmap script. Computer security expert Kevin Beaumont created it to find vulnerable servers inside your perimeter. The script has been written in haste and isn’t perfect, but it can be a suitable solution in emergency situations.
However, if you already have our protection enabled, you don’t have to worry about new Microsoft Exchange vulnerabilities. If you haven’t yet, it’s time to try it.
Our protection will not only protect your servers from intrusions. Your infrastructure, websites, and applications will be reliably protected against bots and DDoS attacks of any complexity at all levels.
Try our protection for free or start with a free consultation.