Microsoft has identified a significant security vulnerability affecting Exchange Servers 2010, 2013, 2016, and 2019. This vulnerability is already being exploited by hackers in cyberattacks.
Only the on-premises version is affected (Exchange Online and Office 365 are not impacted).
This vulnerability allows a group of cyber attackers to take control of the mail server and then steal data.
The authenticated attacker can then execute code remotely on your server.
Links to malware are sent via existing emails. Targeted users are invited to open a document and thereby install the Quackbot malware.
Microsoft recommendsimmediately installing updates (provided by Microsoft) to protect your systems.
In addition, the new " Microsoft Exchange Emergency Mitigation " module allows you to apply mitigation and protection measures to your mail server. This module will allow you to wait for the update to be installed by limiting the dangers when a new critical vulnerability arises.
In general, to limit risks, remember to install any updates for your operating system and software as soon as possible.
In addition, since 80% of cyberattacks originate from phishing emails, train your users to detect these emails using the 100% French solution Avant de Cliquer.
Avant de Cliquer contributes to your cybersecurity...
- We continuously raise awareness among your users. We engage with them constantly, over time;
- For personalized learning, our solution adapts to the needs and progress of each user. The exercises evolve according to their profile.
- We send your users scenario emails that include one or more characteristics of realphishing emails.
- We provide all documentation relating to the actions implemented;
- E-learning videos: numerous topics on cybersecurity in general. But also specific to phishing are available for unlimited access on our e-learning platform.
- You don't have to do anything. Everything works on autopilot.
- A specialist will assist you every month.
Through experiential learning, users acquire the right reflexes. More knowledgeable, more involved, and more autonomous, everything is done to ensure that your employees become the strong links in your cybersecurity chain.
