Email security is the hottest topic in Cyber right now. Mainstream news channels are extensively reporting on the newly publicised vulnerability in Microsoft Exchange.
What is a vulnerability in software?
This is usually a weakness, glitch or flaw present in the code of the software. Without fixing these, vulnerabilities can impact the performance and security of the software. These glitches or weaknesses within the code, could even allow untrustworthy agents to exploit or access your products and data.
What is the Microsoft Exchange Vulnerability?
The vulnerability is called Microsoft Exchange Validation Key Remote Code Execution Vulnerability.
It exists in the control panel of Exchange, Microsoft’s mail service, and is caused by a failure to properly create unique keys at the time of installation. This allows a hacker to turn any stolen Exchange user account into a complete system compromise (including all email) and potentially all of Active Directory.
Microsoft released a patch for this vulnerability back in February 2020. Unfortunately, it seems a lot of companies have failed to update and are therefore still vulnerable to exploitation.
If you are running any of the versions below or older, we would urgently recommend you update your environment with the update linked above.
|Exchange Release||Build Number|
|Microsoft Exchange Server 2019 Cumulative Update 2||15.2.397.3|
|Microsoft Exchange Server 2016 Cumulative Update 14||15.1.1779.2|
|Microsoft Exchange Server 2013 Cumulative Update 22||15.0.1473.3|
|Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 29||14.3.487.0|
We are seeing many customers rush to migrate to cloud-based email solutions and actively seek out cloud-based email security protection for these solutions.
If you are looking to move away from an on-premise email solution, please contact our IT Support department for a bespoke quote.
In 2016, Gemma joined Optima’s network team. Her main priority is to provide support to our clients and internal staff. Gemma also takes care of the day to day running of the networking team, making sure all issues are solved within SLA’s and clients are happy with the support we provide. More about Gemma.