A set of three vulnerabilities in Microsoft Exchange Server could be chained, allowing an attacker to perform unauthenticated remote code execution. This potential to run arbitrary code and commands on victim machines already has threat actors scanning for vulnerable servers.
Two of the three vulnerabilities were patched as part of the April Microsoft Patch Tuesday bug fixes, and the third vulnerability was patched in May. Despite patches being available, Exchange honeypots are showing that attackers are actively searching for and exploiting these vulnerabilities on unpatched servers as recently as the last couple of weeks.
Exchange Server is one of the top email solutions for businesses, with over 400,000 Exchange Servers exposed to the internet. This makes Exchange a valuable target for attackers, especially when they are able to run any code they want on the victim servers.
The best way to protect against these vulnerabilities is to ensure your Exchange Servers have received the security patches. Acronis Cyber Protect makes updating Exchange Server simple, allowing you to select the systems to patch, and the patches to apply, from a single web console.
#MSExchange #vulnerability #PatchTuesday #Acronis #CyberFit #CyberProtection #AcronisCyberProtectCloud #CyberSecurityNews #CPOCNews #CPOC #CyberSecurity #CyberProtect
Don’t get caught unaware. Stay up-to-date on what’s happening in the cyber protection world. Subscribe for more news from our Cyber Protection Operation’s Center.
Learn more about #CyberProtection: