Serious vulnerabilities have been identified in the Exchange email server • The software giant yesterday released unusual security updates that should be implemented immediately • All details
Photo: Oded Karni
The National Cyber System today (Wednesday) warned of a number of serious vulnerabilities discovered in Microsoft's Exchange server, which is very common in organizations. By a state assault group, and with additional vulnerabilities.
According to the cyber array, the vulnerabilities defined by Microsoft are severe and can be easily realized by attackers. Utilizing these flaws for an attack could result in remote code execution on the server, information leaks, installation of a Webshell (script installed by an attacker on a WEB server), and lateral traffic to the corporate network.
In the cyber system, organizations are advised to check and install the updates as soon as possible on all Exchange servers, and in particular on servers accessible from the Internet. The array also recommends restricting access to OWA servers, for example through a VPN service with strong identification and appropriate encryption. More details on the cyber array website.