The risk related to these vulnerabilities is similar to the risk that accompanied the vulnerabilities that came to light last month. Northwave received many reports of compromised servers during that campaign, which in some cases led to ransomware infections. It is therefore of the utmost importance to perform the mitigation steps outlined below as soon as possible on any vulnerable system, to reduce the risk of an attack.
As part of “Patch Tuesday”, Microsoft has released updates addressing the vulnerabilities. Northwave urges you to roll these out as soon as possible. For more information, we refer to Microsoft’s update information.
Apart from the updates for Exchange Server, Microsoft published updates for other products, such as Windows. As usual, we strongly recommend installing these updates as well.
Note: In some cases, the update might appear to be successful but has in fact been stopped in the background by “User Account Control”. Please refer to the “Known Issues” section in the Microsoft pages.
What will Northwave do?
At this moment, technical details regarding these vulnerabilities have not yet been published, and monitoring for abuse of these vulnerabilities is not yet possible. Northwave continues to investigate the possibilities for monitoring exploitation attempts and will implement detection rules when possible.
Northwave monitors developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information, you can call us by phone or send us an email.
Phone number: +31 (0)30-303 1244 (during business hours)
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85-0437 909 or 0800-1744 (only from within the Netherlands)
Disclaimer applies, see below.