09 Mar Four newly discovered zero-day vulnerabilities for Microsoft Exchange Servers

Microsoft has announced that in the last few days, four separate vulnerabilities in the Exchange Server platform have been identified.

Unfortunately, it would seem these have already been used by hackers to steal the mailbox content of many thousands of Exchange Server installations.

The detail on these vulnerabilities indicates that only the on-premise versions of Exchange Server are affected, so users of Cloud based Microsoft 365 products can breathe a sigh of relief. However, as on-premise Exchange Server is still a widely used platform the impact is considerable.

The following Gizmodo article has more information on who is affected and the severity of the issue:
https://gizmodo.com/microsofts-crazy-huge-hack-explained-1846422574

Alternatives to on-premise Exchange Server

For customers still running on-premise Exchange Server, it is clear that this is still a highly targeted platform for hackers and constant upgrading and patching is therefore a must. For smaller businesses, keeping on top of upgrades and patches can be a real chore, so if the complexity of an on-premise Exchange Server is not vital you may want to consider migrating to an alternative simpler to manage email server product like MDaemon or a cloud-based email platform.

It’s also worth noting that the reason hackers target mailboxes is not always to damage the content with ransomware. More often it’s used to steal valuable data from within the messages, and this type of attack can potentially go completely unnoticed for a long time.

How archiving email can help

A good way to help minimise the risk of the contents of a mailbox becoming accessible to a third party is to retain only emails that are actively needed within it.

MailStore can both provide a full archive copy of your historical email so it can be referenced by either users or administrators at any time, but also prune older email from source mailboxes. This can help ensure sensitive email data is no longer present in the live mailbox on your mail server and out of the reach of a hacker if the mailbox is compromised.