
MIL OSI Translation. Region: Germany / Deutschland –

Source: Federal Office for Information Security, Bonn. Date: 07.10.2020

Security updates that close critical vulnerabilities (details in the security advisory) in the Exchange groupware and e-mail server have been available for several months. Nevertheless, many Exchange servers are still publicly accessible via Exchange Web Services, and several thousand Exchange servers remain susceptible to one of these vulnerabilities (CVE-2020-0688). The Federal Office for Information Security (BSI) was able to validate the relevant findings from Rapid7 for Germany.

“Unfortunately, we keep finding that users ignore existing security updates for months and thus take unnecessary but considerable risks. In this case, it is particularly critical that the security gaps can be exploited from the Internet and that the associated attack code has been published or has already been integrated into known attack tools. It is high time to install the security updates provided by the manufacturer on the affected systems. The CERT-Bund in the BSI notifies German network operators about known IP addresses of vulnerable Exchange servers in their respective networks. Affected users should take the relevant information from their provider seriously and act,” says BSI President Arne Schönbohm.

On February 11, 2020, Microsoft released security updates for Exchange Server that fix a critical vulnerability (CVE-2020-0688). A remote attacker can exploit the vulnerability to execute arbitrary program code with SYSTEM rights and thus completely take over the server. Exploit code for the vulnerability is publicly available, and the vulnerability is already being actively used in attacks.

Exchange servers are often tightly integrated into Active Directory administratively. Contrary to the manufacturer’s recommendations, this means that computer accounts and service accounts are given privileged rights comparable to those of domain administrators. By compromising an Exchange server, an attacker can, depending on the system environment, easily obtain domain administrator credentials and thus compromise the entire Active Directory.

The BSI recommends checking whether vulnerable versions are in use and updating them as quickly as possible. It is also necessary to check which protocols must be reachable on the Exchange server from the Internet. In order to sustainably reduce the risk of such vulnerabilities being exploited, accessibility should be restricted to the protocols that are absolutely necessary and to authorized persons after successful authentication, over cryptographically secured connections. This can be achieved, for example, by using a VPN gateway.

The BSI also points out that Exchange 2010 will reach End of Support (EoS) status on October 13, 2020. From that point on, no further security updates will be made available. The manufacturer has also set the EoS date for Exchange 2013 as April 11, 2023. To ensure that future updates for critical security gaps can still be applied, organizations using Exchange 2013 should start planning their migration as soon as possible.

Press contact:
Federal Office for Information Security
Postfach 200363
53133 Bonn
Telephone: +49 228 99 9582-5777
Fax: +49 228 99 9582-5455
E-Mail:
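The first recommendation above, checking whether vulnerable Exchange versions are in use, is the step most often skipped because a Cumulative Update number alone does not show whether a security update is installed. The following PowerShell script is an added example, not code from the BSI, Microsoft or Rapid7. It assumes it is run from the Exchange Management Shell by an account that can read the Exchange organization configuration and open WinRM sessions to each server, that `$env:ExchangeInstallPath` is set on every server (standard for an Exchange installation), and it uses placeholder minimum build numbers that the administrator must replace with the build numbers Microsoft publishes for the February 2020 security update.

```powershell
# Added example (not the BSI's or Microsoft's code): inventory all Exchange servers
# in the organization and flag any whose installed build is older than the
# minimum build that carries the security update for CVE-2020-0688.
# Run from the Exchange Management Shell; Invoke-Command needs WinRM access.

# PLACEHOLDER thresholds: replace with the build numbers Microsoft lists for the
# security update on each Cumulative Update branch you actually run.
$MinimumPatchedBuild = @{
    '14.3' = [Version]'14.3.0.0'   # Exchange Server 2010 SP3 (placeholder; EoS 13 Oct 2020)
    '15.0' = [Version]'15.0.0.0'   # Exchange Server 2013 (placeholder)
    '15.1' = [Version]'15.1.0.0'   # Exchange Server 2016 (placeholder)
    '15.2' = [Version]'15.2.0.0'   # Exchange Server 2019 (placeholder)
}

function Get-InstalledExchangeBuild {
    param([Parameter(Mandatory)][string]$ComputerName)
    # AdminDisplayVersion (as shown by Get-ExchangeServer) only changes with
    # Cumulative Updates. Security updates bump the file version of ExSetup.exe,
    # so that file is the reliable indicator of whether the SU is installed.
    # The build is returned as a string so it survives PowerShell remoting.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $exe = Join-Path $env:ExchangeInstallPath 'Bin\ExSetup.exe'
        $fvi = (Get-Item $exe).VersionInfo
        '{0}.{1}.{2}.{3}' -f $fvi.FileMajorPart, $fvi.FileMinorPart,
                             $fvi.FileBuildPart, $fvi.FilePrivatePart
    }
}

function Test-ExchangePatchState {
    param([Parameter(Mandatory)][string]$ComputerName)
    $build   = [Version](Get-InstalledExchangeBuild -ComputerName $ComputerName)
    $branch  = '{0}.{1}' -f $build.Major, $build.Minor
    $minimum = $MinimumPatchedBuild[$branch]
    [PSCustomObject]@{
        Server         = $ComputerName
        InstalledBuild = $build
        MinimumBuild   = $minimum
        Status         = $(if (-not $minimum)        { 'UnknownBranch' }
                           elseif ($build -lt $minimum) { 'VULNERABLE' }
                           else                         { 'Patched' })
    }
}

# Enumerate every Exchange server known to the organization and report.
# 'UnknownBranch' means the version is not in the table above (e.g. an
# unsupported release) and needs manual review rather than being ignored.
Get-ExchangeServer |
    ForEach-Object { Test-ExchangePatchState -ComputerName $_.Fqdn } |
    Sort-Object Status |
    Format-Table -AutoSize
```

The comparison is done on the ExSetup.exe file version rather than on `AdminDisplayVersion` deliberately: two servers on the same Cumulative Update report identical `AdminDisplayVersion` values whether or not the security update has been applied, so a version inventory built only from `Get-ExchangeServer` would report patched and unpatched servers alike. Servers reported as VULNERABLE are the ones to update first; the Internet-exposure check the BSI also recommends is a separate review of the published protocols on the firewall or reverse proxy.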


EDITOR’S NOTE: This article is a translation. Apologies should the grammar and / or sentence structure not be perfect.
