After discovering Exchange server vulnerabilities, Microsoft was on the verge of releasing emergency patches. The first patches were released for Exchange Server 2019, Server 2016, and Server 2013. The company recognized that the vulnerabilities were being exploited by cybercriminals for limited and targeted attacks.
In addition to patches, Microsoft introduced a number of discount tools. Just recently, it updated Microsoft Defender Antivirus to prevent vulnerabilities. Microsoft said the update would automatically disable the CVE-2021-26855, one of the four vulnerabilities used for cyberattacks.
“Upgrading the Exchange security is still the most complete way to protect your servers from these and other malware attacks. This interim discount is designed to help protect customers while taking the time to implement the latest Global Exchange Update for their version of Exchange, ”said the company. .
According to reports, the vulnerability of the Exchange server was being used to target companies and organizations across the globe. Check Point Research said a total of 32 companies in India were targeted. Researchers further revealed that the finance and banking sector was the worst hit with 28% of hackers followed by government and armaments (16%), manufacturing (12.5%), insurance and legal (9.5%). All other businesses accounted for the remaining 34%.
Despite the packages and discounting tools, the vulnerability of the Exchange server may result in permanent damage. Microsoft has also acknowledged that capturing a system will not take away the attacker’s reach.
“Many of the compromise systems have not yet received secondary action, such as human-operated ransomware attacks or data deletions, indicating that attackers could set up and maintain the access for later operations, “Microsoft ‘s 365 Security Risk Intelligence Team said in a post.