BSI warns companies to plug the security gaps quickly
“Immediate action necessary” is the subtitle of the BSI’s warning about the recently discovered vulnerabilities in Exchange servers. Patches are available, but you have to install them yourself.
On Wednesday, Microsoft closed four vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) in its Exchange Server email software. They are said to have been exploited by alleged Chinese hackers. In Germany alone, according to the Federal Office for Information Security (BSI), “tens of thousands of Exchange servers” are said to have been vulnerable to attack via the Internet and “with a high degree of probability” have already been infected. The BSI therefore calls on companies to act immediately – even over the weekend.
BSI contacts thousands of companies
According to its own statements, the authority contacted more than 9,000 companies on Friday, although “in a postal letter directly to the management board”. The letter also includes recommendations for countermeasures. The BSI has collected the corresponding information and measures on the vulnerabilities in the Exchange servers on this page.
The BSI recommends that operators of affected Exchange servers (according to Microsoft, Exchange Server versions 2013, 2016 and 2019) immediately install the patches provided by Microsoft. In addition, the systems should urgently be checked for any anomalies. Companies that did not patch immediately on Wednesday, in particular, should be on their guard here.
SME IT with many unpatched vulnerabilities
For the BSI, an additional complication is that thousands of systems still had vulnerabilities that have been known for over a year and have not yet been patched. According to the IT security experts, this could particularly affect small and medium-sized companies. The problem: attackers can exploit the vulnerabilities in the Exchange servers remotely via the Internet and thus access the company’s e-mail communication.
In addition, vulnerable server systems can be used to gain access to the entire company network. According to the BSI, this is also because Exchange servers have high privileges in Active Directory by default in many infrastructures. Because so-called proof-of-concept exploit code is available to hackers around the world and security researchers are observing heavy scanning activity, the BSI currently assumes a very high risk of attack.