Over a week ago, Microsoft announced that on-premises Exchange servers are under attack from state-sponsored groups. The company pushed out security patches against the vulnerabilities and noted that Exchange Online is safe from attacks. Other reports indicated that over 30,000 organizations in the U.S. alone are affected by these flaws.
The Redmond tech giant has now provided an update on the situation, saying that given the increasing scope of the attack, it is pushing out updates for out-of-support software to protect businesses using outdated configurations.
Microsoft states that while the attack initially started as a state-sponsored activity, it now has a much broader scope due to other criminal groups participating as well. As such, apart from the regular security updates, it is also pushing out specific patches for out-of-support software. It recommends that IT admins actively apply these security updates to all relevant software. You can find out more information about the process here.
Furthermore, it has also encouraged customers to determine if their systems have been affected by utilizing the steps and scripts detailed in its blog post here. Lastly, its customer support teams are actively engaged in informing customers about the issue and assisting them in upgrading relevant software.
Microsoft started investigating 400,000 Exchange servers on March 1 based on telemetry data. As of March 9, there were 100,000 vulnerable instances remaining, but this number has been dropping and currently stands at 82,000. The company also released further patches on March 11, which contain protections for 95% of these instances.
The tech giant went on to say:
"This is the second time in the last four months that nation state actors have engaged in cyberattacks with the potential to affect businesses and organizations of all sizes. We continue to monitor these sophisticated attacks closely and apply the breadth and depth of our technology, human expertise, and threat intelligence to better prevent, detect, and respond.
"Microsoft is deeply committed to supporting our customers against these attacks, to innovating on our security approach, and to partnering closely with governments and the security industry to help keep our customers and communities secure."
Microsoft recommends that customers also have a look at other guidance published by the Cybersecurity and Infrastructure Security Agency (CISA) since many attackers are trying to utilize these security vulnerabilities for ransomware attacks as well.