For days, everyone has been talking about the security vulnerabilities in Microsoft Exchange servers. In Germany alone, several thousand companies are affected. According to information from the BSI, six German federal authorities are among them.
Critical security vulnerabilities
As early as January 2021, IT security researchers alerted Microsoft to the security vulnerabilities in certain Exchange servers. Patches for the affected servers came out last week to close the gaps. The Exchange server versions affected by the vulnerabilities are 2013, 2016 and 2019. The German Federal Office for Information Security (BSI) has already informed potential victims about the gaps by mail and has issued corresponding security warnings. The vulnerabilities affect small, medium-sized and large companies, as well as public authorities and educational institutions of all kinds. The cloud version of Microsoft Exchange does not have the security vulnerabilities.
The BSI has also issued recommendations on how to proceed. The gaps must be closed urgently with the patches. Microsoft continues to provide a script with which the systems can be checked for anomalies. However, installing the patch does not by itself mean that the systems are safe: an attack on the corporate network may already have occurred beforehand. Hence Microsoft’s script to detect possible compromises.
Federal agencies affected
According to the BSI, the cyberattacks have affected not only companies, but also six federal agencies. The BSI notification states that “in four cases, a possible compromise may have occurred.” Which agencies are affected by the compromises has not yet been revealed. The BSI has offered assistance to the affected authorities and is already actively supporting them in individual cases as they continue to deal with the gaps.
According to BSI estimates, around 9,000 companies as well as other institutions have been affected by cyberattacks, and it is precisely these that the Federal Office for Information Security has warned or informed in writing. Initially, the attacks on Exchange servers were targeted at a few selected companies. It was not until February that the attackers moved on to large-scale, automated attacks on the email servers of companies, educational institutions and public authorities. In the process, backdoors were installed on Exchange servers on a daily basis. These allow the attackers to control the servers remotely and, in the worst case, infiltrate the entire corporate network.