CISA urges people with the 2016, 2019 version of Exchange servers to download April update
Microsoft Exchange has continually been in recent tech news due to several security breaches that left roughly 30,000 email accounts vulnerable to hackers last month.
Microsoft claimed the Exchange flaws were targeted by a Chinese hacking crew called “Hafnium.” Attackers targeted email systems used by several major industry sectors, including infectious disease researchers, law firms, and higher education institutions.
There was a patch released on March 1 that repaired 4 major leaks in the system, but CISA, Cybersecurity and Infrastructure Security Agency, a department of Homeland Security said that patch wasn’t enough to fully repair the systems. Additional vulnerabilities were discovered during a routine sweep. CISA strongly encourages those with Exchange servers 2016 and 2019 to download the April update.
These vulnerabilities affect on-premise servers. Attackers could exploit these weak points to gain access and maintain control on the target host. The Microsoft security updates released in March 2021 do not remediate against these vulnerabilities.
There are no known hacks since the initial breach last month. CISA insists taking preventive measures with the release of this new patch is the best approach.