This week Microsoft announced an exploit in public-facing on-premises versions of Exchange Server (Outlook) after discovering it was breached by Chinese state-sponsored hackers. The hackers were able to access Exchange through previously unknown vulnerabilities. According to researchers at Volexity, the hack appears to have started as early as January 6. The foreign hackers gained access by using stolen passwords or by exploiting zero-day vulnerabilities to pose as someone with legitimate access.
Zero-day refers to a newly discovered software vulnerability for which the software developer has had "zero days" to fix the problem. The hackers carried out the attack through leased virtual private servers in the U.S. The intent of the hack was to gain access to critical government agencies and competitive industries in order to extract classified information and intellectual property.
What does this mean?
What this means is that many organizations are currently vulnerable to information theft. The modus operandi of state-sponsored hacking is to study everything in the organization thoroughly over a lengthy period, stealing the full contents of user mailboxes in order to mount more coordinated and broader exploits.
What can you do?
Microsoft has released emergency patches for Exchange 2013, 2016 and 2019. Although it has been reported that Exchange 2010 is not affected by the breach, Microsoft has released a patch for it anyway as an extra precaution. The patches are available on the Microsoft Tech Community site for internal IT personnel or outside IT support to deploy.