ProxyLogon - Microsoft Exchange Security Updates

 

Last week we posted information about the recent Microsoft Exchange vulnerability that allowed hackers to gain access to on-prem Microsoft Exchange servers.

As the attack on Microsoft Exchange Server, now called ProxyLogon, keeps raging, Microsoft has released security updates for Exchange servers that are not on the latest Cumulative Update (CU), along with a tool that checks whether your Exchange server is vulnerable, has been hacked or contains any suspicious files.

Some are saying that this attack is a lot worse than the SolarWinds hack, with more than 100,000 organizations under attack.
There is also news of a released PoC exploit, which will fuel more attacks, and of a ransomware called DearCry that is targeting vulnerable Exchange servers.

It is important to note that if you install the security updates for an older CU you will be protected, but if you then update your Exchange server to the latest CU, you will be vulnerable again and will need to install the security updates for the latest CU.

Microsoft published a new blog post regarding the security updates for older CUs with additional information and download links for the updates.
Microsoft also published a script on GitHub that checks whether your Exchange Server is vulnerable to the attack or has been attacked, and whether there are any suspicious files on the server.

We recommend you install the latest security updates and cumulative updates as soon as possible and use the tool from GitHub to check whether your server is vulnerable or has been attacked.

 

Sagacity-IT