ACSC warns of fresh Exchange vulnerabilities

Assistant Minister for Defence Andrew Hastie is urging Microsoft Exchange users to patch their systems in the wake of the discovery of a fresh batch of critical vulnerabilities in the email software.

The new vulnerabilities are not remediated by the patches released by Microsoft in March to mitigate the first batch of vulnerabilities discovered in Microsoft Exchange Server, Hastie said.

“Organisations must urgently apply new updates to prevent potential compromise,” he said. “This is a critically important task for Australian businesses and organisations. The ACSC has identified extensive targeting and compromises of Australian organisations with vulnerable Microsoft Exchange deployments.”

The Australian Cyber Security Centre issued a critical update on Tuesday warning that the newly discovered vulnerabilities can be exploited by attackers to gain persistent access to Microsoft Exchange deployments.

According to Microsoft, the vulnerabilities are associated with Microsoft Exchange software failing to properly handle objects in memory, and can be exploited to allow attackers to run arbitrary code in the context of a system user. This could be used to install programs; view, change or delete data; or create new accounts.

Microsoft has issued patches for Exchange Server 2013, 2016 and 2019 to mitigate the vulnerabilities.

According to the ACSC’s alert, deploying security patches to Microsoft Exchange systems is no longer deemed sufficient to mitigate malicious activity related to the discovered vulnerabilities.

Organisations should also investigate the possibility of exploitation of Microsoft Exchange services as a matter of priority by undertaking detection steps recommended by Microsoft. For organisations unable to undertake such investigations, Microsoft has released a mitigation tool that can be used as a first step, the ACSC said.

Image credit: ©stock.adobe.com/au/Alex