Microsoft Exchange Servers Targeted with Zero-Day Exploits

Microsoft Exchange Servers

On March 2, 2021 Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.  The zero-days exploited include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft urges customers to update their on-premises systems with the patches “immediately”.  Microsoft says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

The patches released March 2nd fix security problems in Microsoft Exchange Servers 2013, 2016 and 2019. Microsoft said its Exchange Online service — basically hosted email for businesses — is not impacted by these flaws.

In the three days since Microsoft released the emergency security updates, security experts say the same Chinese cyber espionage group has dramatically stepped-up attacks on any vulnerable, unpatched Exchange servers worldwide.  In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.

Back To Business I.T. takes these types of threats very seriously. Our managed services clients were patched immediately and investigated for any potential intrusion made by cyber-attackers prior to the patch release. If you think your business might be at risk, contact us today.

End of the Road for Microsoft Server 2008 and 2008 R2 Support

microsoft server

Moving information to “the cloud” might be the popular thing to do right now, but surveys show that 98% of companies still rely on physical, on-site servers. If you’re in that 98% of businesses, there’s a good chance you have at least one Microsoft 2008 or 2008 R2 server. Microsoft has been pushing their Azure cloud platform since announcing the end-of-life date for these two servers effective January of 2020. But what if moving to the cloud isn’t the right move for your business technology?

As a small business, we’ve been down this road before. Dealing with big one-time expenses is never easy, but it can be more palatable with careful planning and a good team by your side. Our team of project engineers can help you find the best way forward for your business. Is there hardware you can continue using? How many systems are “must-upgrade” and how many are “should-upgrade”? What is a realistic time lime for your business? We can help find the answers to these questions.

Microsoft is by far the most popular OS, so you can be sure that hackers are constantly working on malware to release after each end-of-support deadline passes. With crucial security updates for these servers no longer released as of January 2020, not making plans to upgrade your business technology could have potentially disastrous results. Contact us so we can figure out the right solution for your business.