Email Security and the Microsoft Exchange Vulnerability

Gemma ElsburySecurityLeave a Comment

Email security is the hottest topic in Cyber right now. Mainstream news channels are extensively reporting on the newly publicised vulnerability in Microsoft Exchange.

What is a vulnerability in software?

This is usually a weakness, glitch or flaw present in the code of the software. Without fixing these, vulnerabilities can impact the performance and security of the software. These glitches or weaknesses within the code, could even allow untrustworthy agents to exploit or access your products and data.

What is the Microsoft Exchange Vulnerability?

The vulnerability is called Microsoft Exchange Validation Key Remote Code Execution Vulnerability.

It exists in the control panel of Exchange, Microsoft’s mail service, and is caused by a failure to properly create unique keys at the time of installation. This allows a hacker to turn any stolen Exchange user account into a complete system compromise (including all email) and potentially all of Active Directory.

Microsoft’s response

Microsoft released a patch for this vulnerability back in February 2020. Unfortunately, it seems a lot of companies have failed to update and are therefore still vulnerable to exploitation.

Our recommendations

If you are running any of the versions below or older, we would urgently recommend you update your environment with the update linked above.

Exchange ReleaseBuild Number
Microsoft Exchange Server 2019 Cumulative Update 215.2.397.3
Microsoft Exchange Server 2016 Cumulative Update 1415.1.1779.2
Microsoft Exchange Server 2013 Cumulative Update 2215.0.1473.3
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 2914.3.487.0

We are seeing many customers rush to migrate to cloud-based email solutions and actively seek out cloud-based email security protection for these solutions.

If you are looking to move away from an on-premise email solution, please contact our IT Support department for a bespoke quote.

About the Author

A picture of Gemma Elsbury the author of this blog

Gemma Elsbury

IT Manager

In 2016, Gemma joined Optima’s network team. Her main priority is to provide support to our clients and internal staff. Gemma also takes care of the day to day running of the networking team, making sure all issues are solved within SLA’s and clients are happy with the support we provide. More about Gemma.

More from Gemma

Other Posts