Microsoft must once again close the vulnerabilities in its Exchange Server email program with an update.
The suite has published updates for versions from 2013, 2016, and 2019. They have also been affected by vulnerabilities that Microsoft has already closed with an update in March. The reference to two of the four new problems came from American intelligence The National Security Agency.
Microsoft said on Wednesday evening that we do not know of any malware that actually exploited these vulnerabilities. However, the company recommended that updates be installed immediately. The White House ordered all US government agencies to promptly update their email servers.
Meanwhile, the US Federal Police FBI took an unusual step to repair the puncture injuries that became known in March. With permission from a Texas judge, back doors have been removed from “hundreds of computers” in the United States. The US Department of Justice said some Exchange server operators were unable to delete the attackers’ backdoors in January and February.
This approach has caused criticism. It was a “stark border crossing”, said Rüdiger Trost of IT security firm F-Secure. “It is a big problem when the state interferes with its IT systems without the knowledge and without assignment of companies, as is the case here.” Something like this has already been done in Germany with regard to the Emotet Trojan – “there is currently no legal basis for this”.
Deputy US Security Adviser Anne Neuberger emphasized that the US government acted responsibly by reporting the vulnerability to Microsoft. Secret services specifically look for vulnerabilities to use for espionage, for example. In the US government apparatus, there is a process in which it is assessed whether the vulnerability could become too dangerous for the general public if the CIA kept it to itself.
The National Security Agency is responsible for cyber espionage abroad. In 2017, hackers took advantage of a security flaw discovered by the secret services to massively infect computers with the WannaCry extortion program. These programs encrypt the hard drive and charge for editing it. At the time, among other things, British hospitals and Deutsche Bahn display panels were affected by WannaCry. The National Security Agency has come under harsh criticism for failing to bridge the security gap.
According to estimates by IT security experts, the Exchange vulnerabilities that became known in March infected tens of thousands of email servers worldwide. The attackers took advantage of the fact that updates had to be installed manually – and not all Exchange clients reacted quickly.
According to Microsoft’s assessment, the four vulnerabilities from the March update were initially exploited by Chinese hackers. Two different attackers were added later. In the event of a successful attack via the vulnerabilities, the data could have been accessed from the email system.
Only corporate-run servers are affected by vulnerabilities in Exchange. The online versions of the Exchange services were already protected.
In the big batch of security updates, Microsoft closed more than 100 vulnerabilities on Tuesday, including in the Windows operating system, in the Edge web browser and in the Office programs.
Microsoft shares listed on the NASDAQ exchange temporarily fell 0.36 percent to $ 257.58.
/ so / DP / zb