The Michigan State Police (MSP) Michigan Cyber Command Center (MC3) is warning entities that host on-premises Microsoft Exchange servers of a newly identified, significant, and active threat to network security. Microsoft Exchange is a platform used to host email services for many businesses and enterprises.
Last week, security researchers uncovered multiple vulnerabilities in on-premises Exchange servers, and Microsoft released patches to fix them. Before the patches were available, malicious actors had begun to exploit the vulnerabilities. Any organization hosting an on-premises Exchange server that has not been updated has a high likelihood of already being victimized.
Cloud-based Microsoft email is not affected by these vulnerabilities.
As recommended by Microsoft and the Cybersecurity & Infrastructure Security Agency (CISA), the MC3 strongly encourages any agency utilizing an on-premises Microsoft Exchange server to take immediate action to install the patches and then work with their information technology team to investigate any potential unauthorized access to their servers.
The vulnerabilities allow a remote attacker to access vulnerable email servers and the emails stored on them, install additional malware, and harvest passwords, and they facilitate long-term access to victim environments. Additional information about these vulnerabilities can be found at https://www.cisa.gov/ed2102 and https://www.microsoft.com/
Any entity in Michigan with evidence of a compromise related to this vulnerability or other malware activity is requested to report it to the MC3 at 877-MI-CYBER or the FBI’s Internet Crime Complaint Center at www.ic3.gov.