Microsoft
warns
customers
to
patch
their
Exchange
servers
because
attackers
always
look
to
exploit
unpatched
installs.
Microsoft
published
a
post
to
urge
its
customers
to
protect
their
Exchange
servers
because
threat
actors
actively
attempt
to
exploit
vulnerabilities
in
unpatched
installs.
The
IT
giant
recommends
installing
the
latest
available
Cumulative
Update
(CU)
and
Security
Update
(SU)
on
Exchange
servers
“There
are
too
many
aspects
of
unpatched
on-premises
Exchange
environments
that
are
valuable
to
bad
actors
looking
to
exfiltrate
data
or
commit
other
malicious
acts.”
reads
the
post
published
by
Microsoft.
“First,
user
mailboxes
often
contain
critical
and
sensitive
data.
Second,
every
Exchange
server
contains
a
copy
of
the
company
address
book,
which
provides
a
lot
of
information
that
is
useful
for
social
engineering
attacks,
including
organizational
structure,
titles,
contact
info,
and
more.
And
third,
Exchange
has
deep
hooks
into
and
permissions
within
Active
Directory,
and
in
a
hybrid
environment,
access
to
the
connected
cloud
environment.”
Threat
actors
can
exploit
vulnerabilities
in
unpatched
installs
to
steal
sensitive
information
contained
in
user
mailboxes,
gather
intelligence
on
the
target’s
activity,
or
access
the
connected
cloud
environment.
After
installing
an
update,
administrators
are
recommended
to
perform
some
manual
tasks,
Microsoft
recommends
running Health
Checker after
installing
an
update
to
check
for
such
tasks.
Health
Checker
provides
them
with
links
to
articles
that
provide
step-by-step
guidance.
The
IT
giant
pointed
out
that
mitigations
are
designed
to
provide temporary
protection until
an
SU
is
available,
however,
they
can
become
insufficient
to
protect
against
all
variations
of
an
attack,
for
this
reason,
it
is
essential
to
install
applicable
SU.
Below
is
the
list
of
recommendations
provided
by
the
company:
-
Be
sure
to
always
read
our
blog
post
announcements,
noting
known
issues
and
recommended
or
required
manual
actions.
For
CUs,
always
follow
our guidance
and
best
practices,
and
for
SUs,
use
the Security
Update
Guide to
find
relevant
information. -
Be
sure
to
review
our
update
FAQ
in
the
article Why
Exchange
Server
Updates
Matter. -
Use
the Exchange
Server
Health
Checker to
inventory
your
servers
and
see
which
Exchange
servers
need
updates
(CUs
or
SUs),
and
if
any
manual
action
needs
to
be
taken. -
Once
you
know
what
updates
are
needed,
use
the Exchange
updates
step-by-step
guide (aka
the
Exchange
Update
Wizard) to
choose
your
currently
running
CU
and
your
target
CU
and
get
directions
for
updating
your
environment. -
If
you
encounter
errors
during
update
installation,
the SetupAssist script
can
help
troubleshoot
them. And
if
something
does
not
work
properly
after
updates,
have
a
look
at
the Update
Troubleshooting
Guide,
which
covers
the
most
common
issues
and
how
to
resolve
them. -
Be
sure
to
install
any
necessary
updates
for
Windows
Server
and
other
software
that
might
be
running
on
your
Exchange
server(s). -
Be
sure
to
install
any
necessary
updates
on
dependency
servers,
including
Active
Directory,
DNS,
and
other
servers
used
by
Exchange.
Follow
me
on
Twitter:
@securityaffairs
and
Facebook
and
Mastodon
(SecurityAffairs –
hacking,
Microsoft
Exchange
servers)