Statement about security vulnerabilities in Microsoft Exchange

If you want to be absolutely sure, set up Exchange Server from scratch: “the four of Microsoft The Exchange Server vulnerabilities announced last week currently endanger tens of thousands of government and corporate infrastructures.

The CERT-Bund, which is part of BSI, assumes as many as 58,000 systems are potentially vulnerable to attack which is not clear if they have already received the updates available or for which patches are not available because they are using older versions. When updates are available, the top priority for all organizations should now be to import them, as vulnerabilities allow access to all Exchange data such as emails, contacts, and calendars and are already being exploited. BSI has now declared the highest threat level “red” and warns that organizations must assume their systems have been compromised – according to BSI, many federal authorities are also at risk, and systems may have already been compromised in four cases.

Looking for evidence of reading data or installing malware shouldn’t be easy. The hackers behind these attacks are believed to be resource-rich and their activities difficult to detect. So authorities and companies should use their entire security arsenal to track down anomalies that point to tampering. But if you want to be completely sure, you have to set up your systems from scratch.

In principle, any insecure Exchange server that can be accessed directly from the Internet can be hacked to enable employees to access emails, calendars, and contacts on the go via Outlook Web Access (OWA) or Exchange ActiveSync. There are definitely solutions that allow comfortable and safe mobile work without direct access to potentially vulnerable Exchange servers: The Virtual Solution’s SecurePIM Gateway checks user identity and only allows verified users access to Exchange Server. At the same time, many other applications can also be secured in the corporate network. Direct Internet access to the Exchange Server is no longer necessary. ”

Statement from Dr. Hermann Granzer, Chief Technology Officer of Virtual Solution, on current security vulnerabilities in Microsoft Exchange that BSI has classified as “very critical”, www.virtual-solution.com