Print Article

Microsoft’s email software exploited by hackers compromising thousands of sites, globally (including Jersey and Guernsey!!)


Channel Island businesses using Microsoft Exchange Server are being warned by Logicalis to watch out for malware, after a flaw in Microsoft’s email software was exploited by hackers compromising thousands of sites.

Microsoft has released patches to update the software which exposes the vulnerabilities; however, many systems were unfortunately compromised before the patch could be applied.

Originally businesses were being targeted but once the criminals found out the vulnerabilities would be patched, they upped their attacks and went after every Microsoft Exchange server that was on the internet.

The initial attacks, which began in the USA, have rippled throughout the world.

Many organisations have already been targeted, including financial services regulators such as the European Banking Authority. The US Government has blamed the hack on Hafnium, an organisation Microsoft claims is sponsored by the Chinese Government.

Tom Bale, Business Development and Technical Director, Logicalis, said

  • “Over 170,000 sites were vulnerable to this attack.
  • While the attack may have started as an attempt to steal information from think tanks, higher education institutes, defence contractors, and infectious disease researchers in the USA, it has gone global.
  • Organisations in the Channel Islands using Microsoft Exchange servers for emails are vulnerable. All internet facing Exchange servers should be patched if not already done so.
  • “Unfortunately patching is too late if an organisation has already been compromised.
  • You need to find out if your systems have been compromised and secure them appropriately. If these systems have been compromised, they need to be isolated, forensics applied and ultimately rebuilt.
  • Being compromised is serious as data and credentials may have already been stolen.”

Software may have been compromised as early as January, with Microsoft warning of attacks to corporate and government servers and releasing updates earlier this month.

The four vulnerabilities disclosed by Microsoft do not affect Exchange Online, the cloud-based service used in Office 365 Packages.

However, hackers may use stolen data to craft targeted phishing attacks on any business or organisation.

Tom said:

  • “Attacks such as this remind us all we are vulnerable, whatever the size or location of our business or organisation.
  • In some ways, this may prompt more organisations to move to cloud-based email servers with automated security and identity management to make monitoring and maintenance more straightforward.
  • Even if your organisation has not been affected, everyone needs to be aware of the increased risk of phishing attacks because of the potential of mass data breaches.”

Microsoft’s Exchange Server team has released a script for IT administrators to check if systems are vulnerable to recently-disclosed zero-day bugs.

Microsoft has already released out-of-band emergency patches for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 but, in the light of ongoing cyberattacks exploiting the flaws, it has produced security updates for earlier versions of Exchange – something it usually doesn’t do.

The security updates for older versions of Exchange only address the four newly disclosed vulnerabilities that are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The issues affect on-premise Exchange servers.

Though patches for out-of-support Microsoft products are rare, they have been forced to issue them over the past five years to address global cyberattacks.

Microsoft notes that this security update for Exchange only addresses the four new vulnerabilities and does not mean those versions of Exchange, such as Exchange 2010 and earlier, are now supported. The patches are designed to update specific cumulative updates of Microsoft Exchange.

The patches released include updates for the following cumulative updates: