The latest Microsoft Exchange zero-day vulnerabilities may further motivate MSPs and MSSPs to accelerate customer migrations to Microsoft 365 cloud services, where Exchange Online is not affected by these flaws.
Still, thousands of customers and IT service providers worldwide continue to run on-premises Exchange servers because of customization and/or compliance requirements. Those on-premises deployments, which involve Microsoft Exchange Server 2013, 2016 and 2019, contain zero-day vulnerabilities that attackers are already exploiting, Microsoft has disclosed.
In its mitigation guidance, Microsoft emphasized that “Exchange Online customers do not need to take any action” because the cloud-based email system does not contain the vulnerabilities.
Microsoft Exchange Server Vulnerabilities: Current and Previous Issues
Meanwhile, the on-premises Exchange vulnerabilities were first reported on September 29 by Vietnamese security firm GTSC, which warned that an attack campaign using the zero-days could lead to remote code execution, SC Media reported.
Microsoft said the first vulnerability, CVE-2022-41040, is a server-side request forgery (SSRF) flaw, and the second, CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker, SC Media reported. The two are used together: according to Microsoft's guidance, an attacker who already holds valid credentials for the server can use the SSRF to reach the PowerShell endpoint and trigger the RCE, so authenticated access is required to exploit either flaw.
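That chain leaves a recognizable trace in the Exchange server's IIS logs: a request touching autodiscover.json whose target also carries an "@" and a reference to the PowerShell endpoint. The script below is an added hunting example, not code from the article, Microsoft or SC Media. It keys on those same three indicators that Microsoft's published hunting guidance looks for, parses IIS W3C log lines by their #Fields header, and lists the matching requests with their HTTP status. The function name is hypothetical, the log lines are constructed for illustration (host names, addresses and accounts are invented), and the log directory in the closing comment is the IIS default, which may differ on a given server.

```powershell
# Added example, not code from the article, Microsoft or SC Media.
# Hunts IIS W3C log lines from an on-premises Exchange server for the request
# shape used to chain CVE-2022-41040 (SSRF) into CVE-2022-41082 (RCE through
# PowerShell remoting): a request touching /autodiscover/autodiscover.json
# whose target also carries an "@" and a reference to the PowerShell endpoint.
# The three indicators are the ones Microsoft's hunting guidance keys on; the
# lookaheads make the match independent of their order within the line.

function Find-ProxyNotShellRequests {
    param(
        [Parameter(Mandatory)] [string[]] $LogLines
    )

    $pattern = '(?i)(?=.*autodiscover\.json)(?=.*@)(?=.*powershell)'
    $fields  = $null
    $hits    = New-Object System.Collections.Generic.List[object]

    foreach ($line in $LogLines) {
        # IIS writes a "#Fields:" header naming the columns; use it to map values.
        if ($line.StartsWith('#Fields:')) {
            $fields = $line.Substring(8).Trim() -split ' '
            continue
        }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line)) { continue }
        if (-not $fields) { continue }   # no header seen yet, so columns are unknown

        $values = $line -split ' '
        $row = @{}
        $n = [Math]::Min($fields.Count, $values.Count)
        for ($i = 0; $i -lt $n; $i++) { $row[$fields[$i]] = $values[$i] }

        # Stem plus query is what the exploit URL is built from, so match on both.
        $target = '{0}?{1}' -f $row['cs-uri-stem'], $row['cs-uri-query']
        if ($target -match $pattern) {
            $hits.Add([pscustomobject]@{
                Time   = '{0} {1}' -f $row['date'], $row['time']
                Client = $row['c-ip']
                User   = $row['cs-username']
                Status = $row['sc-status']   # 200 means the request reached the backend
                Target = $target
            })
        }
    }
    return $hits
}

# Constructed sample log (hosts, addresses and accounts are invented): a normal
# Autodiscover request, one chained request that got through (200), and the
# same request refused (404).
$sampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-09-29 10:15:01 10.0.0.5 POST /autodiscover/autodiscover.xml - 443 CORP\alice 10.0.0.21 Outlook/16.0 200
2022-09-29 10:15:07 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3F@evil.example 443 CORP\svc-test 203.0.113.9 python-requests/2.28 200
2022-09-29 10:15:09 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 203.0.113.9 python-requests/2.28 404
'@

$hits = Find-ProxyNotShellRequests -LogLines ($sampleLog -split "`r?`n")
$hits | Format-Table -AutoSize

# Against a real server, feed the log files instead of the sample (path is the
# IIS default and may differ):
#   $lines = Get-ChildItem -Recurse -Path 'C:\inetpub\logs\LogFiles' -Filter '*.log' | Get-Content
#   Find-ProxyNotShellRequests -LogLines $lines
```

On the sample above the benign Autodiscover request is ignored and the two chained requests are reported, one with status 200 and one with 404. A 200 hit deserves immediate attention because it shows the request was proxied through to the backend; a 404 or 401 still records who tried, which is useful for scoping. Because the script reads the frontend and backend IIS sites alike, point it at both log directories on an Exchange server.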
Microsoft 365 and Exchange Online: Automated Patch Management
Threat hunting can certainly help protect on-premises Exchange servers from attackers. But running Microsoft 365 is likely a lower-risk approach for email security, since Microsoft is ultimately responsible for maintaining and patching the cloud-based system…
Note: If you can’t migrate customers to cloud-based email and need to maintain on-premises Microsoft Exchange deployments, please email me the reasoning (joe.panettieri@CyberRiskAlliance.com) to help ensure balanced, informed coverage on MSSP Alert.