It's currently in the news again: attackers are trying to exploit Exchange security vulnerabilities. This time, however, the updates have been available for some time. So anyone who has not yet installed the latest security updates should do so as soon as possible.
Here is a summary of the available security updates:
- New security updates for Exchange Server (April 2021)
- New security updates for Exchange Server (May 2021)
- New security updates for Exchange Server (July 2021)
According to a tweet from CERT-Bund on the current situation, for example, thousands of Exchange servers in Germany alone are still vulnerable. As the vulnerability scans and attacks are automated, it is only a matter of time before the vulnerable Exchange servers are infected.
However, a little caution is advised with the July updates, as it can happen that OWA and ECP are no longer accessible after the update. The solution to the problem can be found here:
If the July updates still need to be installed, it is therefore better to check the "Exchange Server Auth Certificate" beforehand and, if necessary, replace it before installing the update.
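One way to run that check from the Exchange Management Shell, as an added example that is not part of the original article. It assumes the certificate in question is the one referenced by `Get-AuthConfig`; the 30-day warning window and the variable names are arbitrary choices.

```powershell
# Added example: check the Exchange Server Auth Certificate before patching.
# Run in the Exchange Management Shell with sufficient permissions.

$warnDays = 30   # assumption: warn if the certificate expires within 30 days

# Thumbprint of the certificate currently configured for server authentication
$thumbprint = (Get-AuthConfig).CurrentCertificateThumbprint
if (-not $thumbprint) {
    Write-Warning "No Auth certificate is configured in Get-AuthConfig."
    return
}

# Edge Transport servers are skipped; they are not queried here
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -notlike '*Edge*' }

$report = foreach ($server in $servers) {
    try {
        $cert = Get-ExchangeCertificate -Server $server.Name `
                    -Thumbprint $thumbprint -ErrorAction Stop
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        $status = if ($daysLeft -lt 0)             { 'EXPIRED' }
                  elseif ($daysLeft -lt $warnDays) { 'EXPIRING SOON' }
                  else                             { 'OK' }
    }
    catch {
        # The thumbprint from Get-AuthConfig is not in this server's store
        $cert = $null; $daysLeft = $null; $status = 'MISSING'
    }

    [pscustomobject]@{
        Server     = $server.Name
        Thumbprint = $thumbprint
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        DaysLeft   = $daysLeft
        Status     = $status
    }
}

$report | Format-Table -AutoSize

# Any status other than OK means the certificate should be looked at
# before the update is installed.
if ($report | Where-Object { $_.Status -ne 'OK' }) {
    Write-Warning "Auth certificate needs attention on at least one server."
}
```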
Here is another PowerShell test script that tests for the vulnerability CVE-2021-34470:
Important: The script can also apply a fix immediately, but this applies to environments in which a very old Exchange Server version or no Exchange Server at all is installed (for example after a migration to Microsoft 365). Such systems are also affected by CVE-2021-34470. Here is the corresponding article: