November 18, 2024

Taylor Daily Press

Complete News World

A critical flaw in Microsoft Exchange was exploited to release the patch

A critical flaw in Microsoft Exchange was exploited to release the patch

The flaw in Microsoft Exchange had already been exploited by hackers before Microsoft could release the necessary patches this month. Installing them should be a top priority, because it may already be too late.

This month, Microsoft fixed a critical vulnerability in Exchange Server through updates Patch Tuesday. Unfortunately, the cybercriminals had a mistake CVE-2024-21410 Until he found out. Zeroday allows hackers to remotely access an Exchange server without authentication and pretend to be a legitimate user. Microsoft warns that it has seen such attacks in the wild for some time.

Microsoft Exchange Server 2019 CU 14 and 13 are considered vulnerable, not as Exchange Server 2016 CU 23. Microsoft has now released patches for version 2019. Given the active abuse, high impact, and low complexity of the attack, patching should be an absolute priority.

reduce of

Users can also arm themselves with Extended authentication protection Or the Environmental Protection Agency. The patch automatically enables this additional security capability. Users of older Exchange versions can protect themselves by activating the function themselves using a file Powershell script.

Microsoft Exchange Server is a favorite target for hackers. Many organizations run their mail servers on-premises and do not use Exchange in the cloud. This means that the IT staff themselves are responsible for updates, which are often not installed. A study conducted at the end of last year showed that there are more than 10,000 vulnerable servers operating in Europe alone.

See also  Samsung Galaxy A52s official: pre-order offers in the Netherlands