Exchange on premises - emergency patch released

Forums › IT Pro and developers › Exchange on premises - emergency patch released

1 | 2 | 3

Networkn
32349 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2671063 10-Mar-2021 13:47

It's worth noting, that just because someone patches, and didn't get hacked, this doesn't get them out of the woods in terms of risk for this particular threat.

Exfiltrated data, and address books, means highly targeted Phishing and related email messages will be flooding around the world in the coming 12 months. They may pass spam filters, because they will contain sections of messages that were legitimately sent and received earlier.

BlakJak

1275 posts

Uber Geek

Trusted

#2672429 12-Mar-2021 19:54

nztim:

Just completed the 4 remaining clients of ours with on-prem exchange, as a temporarily measure we blocked 443 outside of NZ and port 25 is only open to our MX gateway

What a pain! these updates take so long to run!

I just want to point out that blocking 443 for sources outside of NZ is not actually a useful protective measure. Bad actors can originate their actions from NZ just as easily. I've also seen botnet activity where an 'International nullroute' did not fully stop said activity - and that was years ago. I hope you've patched _and_ looked for IOC's.

No signature to see here, move along...

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2675420 16-Mar-2021 12:14

New one-click mitigation tool: One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 – Microsoft Security Response Center

networkn

Networkn
32349 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2678194 22-Mar-2021 09:34

Acer apparently hit by 50m ransomware attack related to this.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2678196 22-Mar-2021 09:36

Expect next Acer BIOS updates to come with built-in malware...

networkn

Networkn
32349 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2678201 22-Mar-2021 09:43

freitasm:

Expect next Acer BIOS updates to come with built-in malware...

Egads, imagine if they were able to load a remote control agent into the bios. Nek Minit every Acer notebook is ransomwared.

At this point, so much of peoples personal data is already on the internet as a result of these leaks, and exfiltrations etc etc, that at some point, you may as well give up the concept of private information and just hope that they don't mind yours in the sea of everyone else's.

evilonenz

/dev/urandom
287 posts

Ultimate Geek

ID Verified

Trusted

Lifetime subscriber

#2692512 14-Apr-2021 10:55

Yet another patch has been released by MS, looks like two of the vulnerabilities are exploitable without authentication:

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
https://www.cert.govt.nz/it-specialists/advisories/updates-released-for-new-critical-vulnerabilities-in-microsoft-exchange/

Smokeping

Referral Links:

Quic - Use code R536299EPGOCN at checkout for free setup
Contact Energy - Use code FRTQDXB for $100 credit

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2692525 14-Apr-2021 11:27

evilonenz:

Yet another patch has been released by MS, looks like two of the vulnerabilities are exploitable without authentication:

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
https://www.cert.govt.nz/it-specialists/advisories/updates-released-for-new-critical-vulnerabilities-in-microsoft-exchange/

Emergency change already logged and currently installing.. woo!

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

evilonenz

/dev/urandom
287 posts

Ultimate Geek

ID Verified

Trusted

Lifetime subscriber

#2692571 14-Apr-2021 11:36

Lias:

evilonenz:

Yet another patch has been released by MS, looks like two of the vulnerabilities are exploitable without authentication:

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
https://www.cert.govt.nz/it-specialists/advisories/updates-released-for-new-critical-vulnerabilities-in-microsoft-exchange/

Emergency change already logged and currently installing.. woo!

Nice! I did the same when the CERT advisory came though, not worth waiting until a maintenance window!

Smokeping

Referral Links:

Quic - Use code R536299EPGOCN at checkout for free setup
Contact Energy - Use code FRTQDXB for $100 credit

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2692685 14-Apr-2021 14:30

evilonenz:

Nice! I did the same when the CERT advisory came though, not worth waiting until a maintenance window!

Yep.. I'd already started when I saw that advisory, but I flicked it to my manager and said "If anyone grumbles about me patching Exchange, point them at this' lol.

r0bbie

244 posts

Master Geek

#2692694 14-Apr-2021 14:49

Lias:

evilonenz:

Nice! I did the same when the CERT advisory came though, not worth waiting until a maintenance window!

Yep.. I'd already started when I saw that advisory, but I flicked it to my manager and said "If anyone grumbles about me patching Exchange, point them at this' lol.

How did your install go? Some people reported issues with ECP

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617

gjm

808 posts

Ultimate Geek

#2692696 14-Apr-2021 14:52

Lias:

evilonenz:

Nice! I did the same when the CERT advisory came though, not worth waiting until a maintenance window!

Yep.. I'd already started when I saw that advisory, but I flicked it to my manager and said "If anyone grumbles about me patching Exchange, point them at this' lol.

Did you run into any issues installing the patch or smooth sailing?

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2692700 14-Apr-2021 14:54

gjm:

Did you run into any issues installing the patch or smooth sailing?

Installed fine in Non prod.. Prod not so much... *joy*

evilonenz

/dev/urandom
287 posts

Ultimate Geek

ID Verified

Trusted

Lifetime subscriber

#2692701 14-Apr-2021 14:54

Patch install went fine for me.
The previous patch apparently caused issues for people, too, but that was also smooth sailing, some issues did appear to be related to DAG servers on non-matching CU levels, though.

Smokeping

Referral Links:

Quic - Use code R536299EPGOCN at checkout for free setup
Contact Energy - Use code FRTQDXB for $100 credit

gjm

808 posts

Ultimate Geek

#2692737 14-Apr-2021 15:24

ok thanks. No Exchange test environment here apart from my home lab so I think Ill hold off for a day or two. I see that people who have a special character in the account name that they use when installing the patch are having some problems. Doesn't apply to me but also not confidence inspiring in terms of quality

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

1 | 2 | 3