Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. Microsoft recommends installing the security updates for the affected Exchange versions as soon as possible, as the vulnerabilities are already being exploited:
As active exploitation of related vulnerabilities in the wild is known (limited targeted attacks), our recommendation is to install these updates immediately to protect against these attacks.
Quote: Released: March 2021 Exchange Server Security Updates
The following links also provide information on the vulnerabilities (this is a "Remote Code Execution" vulnerability):
- https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
- https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
- https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
You can download the updates here:
- Security Update For Exchange Server 2019 Cumulative Update 8 (KB5000871)
- Security Update For Exchange Server 2019 Cumulative Update 7 (KB5000871)
- Security Update For Exchange Server 2016 Cumulative Update 19 (KB5000871)
- Security Update For Exchange Server 2016 Cumulative Update 18 (KB5000871)
- Security Update For Exchange Server 2013 Cumulative Update 23 (KB5000871)
Die entsprechenden Updates werden auch zeitnah via Windows Update angeboten. In der Vergangenheit hat sicher allerdings gezeigt, dass die manuelle Installation der Updates weniger Probleme verursacht. Da es sich hier um mehrere Schwachstellen handelt, die bereits aktiv ausgenutzt werden, sollten die Updates schnellstmöglich installiert werden. Auch wenn es sich aktuell nur „um begrenzte gezielte Angriffe“ handelt, ist zu erwarten, dass dies schnell durch „automatisierte weitreichende Angriffe“ ersetzt wird.
Update 07.03.21: Unfortunately, the situation has escalated quite quickly and there have been numerous successful attacks on Exchange servers. If you already suspect that your Exchange server has been successfully attacked and are not sure how to get rid of any webshells that may be present, it is possible to reinstall Exchange and the operating system without losing data and without an up-to-date backup:
Update 09.03.21There are now also updates for older Exchange Server installations: