Geekzone: technology news, blogs, forums
networkn
  #2671063 10-Mar-2021 13:47

It's worth noting that just because someone patches and didn't get hacked, this doesn't get them out of the woods in terms of risk for this particular threat.

 

Exfiltrated data and address books mean highly targeted phishing and related email messages will be flooding around the world in the coming 12 months. They may pass spam filters, because they will contain sections of messages that were legitimately sent and received earlier.

 

 




BlakJak
  #2672429 12-Mar-2021 19:54

nztim:

 

Just completed the 4 remaining clients of ours with on-prem Exchange; as a temporary measure we blocked 443 outside of NZ, and port 25 is only open to our MX gateway.

What a pain! These updates take so long to run!

 

 

I just want to point out that blocking 443 for sources outside of NZ is not actually a useful protective measure. Bad actors can originate their actions from NZ just as easily. I've also seen botnet activity where an 'International nullroute' did not fully stop said activity - and that was years ago. I hope you've patched _and_ looked for IOCs.






freitasm
  #2675420 16-Mar-2021 12:14

 




networkn
  #2678194 22-Mar-2021 09:34

Acer apparently hit by 50m ransomware attack related to this.


freitasm
  #2678196 22-Mar-2021 09:36

Expect next Acer BIOS updates to come with built-in malware...






 


networkn
  #2678201 22-Mar-2021 09:43

freitasm:

 

Expect next Acer BIOS updates to come with built-in malware...

 

 

Egads, imagine if they were able to load a remote control agent into the BIOS. Nek Minit every Acer notebook is ransomwared.

 

At this point, so much of people's personal data is already on the internet as a result of these leaks, and exfiltrations etc etc, that at some point, you may as well give up the concept of private information and just hope that they don't mind yours in the sea of everyone else's.

 

 

 

 


 
 
 
 

evilonenz
  #2692512 14-Apr-2021 10:55






Lias
  #2692525 14-Apr-2021 11:27

evilonenz:

 

Yet another patch has been released by MS, looks like two of the vulnerabilities are exploitable without authentication:

 

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617 
https://www.cert.govt.nz/it-specialists/advisories/updates-released-for-new-critical-vulnerabilities-in-microsoft-exchange/ 

 

 

Emergency change already logged and currently installing.. woo!







evilonenz
  #2692571 14-Apr-2021 11:36

Lias:

 

evilonenz:

 

Yet another patch has been released by MS, looks like two of the vulnerabilities are exploitable without authentication:

 

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617 
https://www.cert.govt.nz/it-specialists/advisories/updates-released-for-new-critical-vulnerabilities-in-microsoft-exchange/ 

 

 

Emergency change already logged and currently installing.. woo!

 

 

Nice! I did the same when the CERT advisory came through, not worth waiting until a maintenance window!







Lias
  #2692685 14-Apr-2021 14:30

evilonenz:

 

Nice! I did the same when the CERT advisory came through, not worth waiting until a maintenance window!

 

 

Yep.. I'd already started when I saw that advisory, but I flicked it to my manager and said "If anyone grumbles about me patching Exchange, point them at this" lol.

 

 







r0bbie
  #2692694 14-Apr-2021 14:49

Lias:

 

evilonenz:

 

Nice! I did the same when the CERT advisory came through, not worth waiting until a maintenance window!

 

 

Yep.. I'd already started when I saw that advisory, but I flicked it to my manager and said "If anyone grumbles about me patching Exchange, point them at this" lol.

 

 

 

 

 

 

How did your install go? Some people reported issues with ECP.

 

 

 

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617

 

 


 
 
 
 


gjm

  #2692696 14-Apr-2021 14:52

Lias:

 

evilonenz:

 

Nice! I did the same when the CERT advisory came through, not worth waiting until a maintenance window!

 

 

Yep.. I'd already started when I saw that advisory, but I flicked it to my manager and said "If anyone grumbles about me patching Exchange, point them at this" lol.

 

 

 

 

Did you run into any issues installing the patch or smooth sailing?







Lias
  #2692700 14-Apr-2021 14:54

gjm:

 

Did you run into any issues installing the patch or smooth sailing?

 

 

Installed fine in Non prod.. Prod not so much... *joy*







evilonenz
  #2692701 14-Apr-2021 14:54

Patch install went fine for me.
The previous patch apparently caused issues for people, too, but that was also smooth sailing. Some issues did appear to be related to DAG servers on non-matching CU levels, though.







gjm

  #2692737 14-Apr-2021 15:24

OK, thanks. No Exchange test environment here apart from my home lab, so I think I'll hold off for a day or two. I see that people who have a special character in the account name that they use when installing the patch are having some problems. Doesn't apply to me, but also not confidence inspiring in terms of quality.






