If you want to be on the safe side, you need to completely reset your Exchange Server

Statement by Dr. Hermann Granzer, CTO at Materna Virtual Solution, on the current vulnerabilities in Microsoft Exchange classified as “extremely critical” by the BSI

The four vulnerabilities in Exchange Server announced by Microsoft last week currently put tens of thousands of infrastructures of public authorities and companies at risk. The CERT-Bund, part of the BSI, assumes that there are up to 58,000 potentially vulnerable systems for which it is unclear whether they have already received the available updates or for which no patches are available at all because they are using outdated build versions. Where updates are available, it must now be a top priority for all organizations to apply them, as the vulnerabilities allow access to all Exchange data such as emails, contacts and calendars and are already being exploited. The BSI has now declared the highest threat level “red” and warns that organizations should assume that their systems have been compromised – according to the BSI, several federal authorities are also at risk, and in four cases systems may already have been compromised.

However, the search for evidence that data has been read or malware installed is unlikely to be easy. The hackers behind these attacks probably have extensive resources at their disposal and their activities are difficult to detect. Authorities and companies must therefore use their entire security arsenal to detect anomalies that indicate manipulation. However, if you want to be on the safe side, you need to completely rebuild your systems.

In principle, any Exchange server that is not secure and is made directly accessible from the Internet to allow employees mobile access to emails, calendars and contacts via Outlook Web Access (OWA) or Exchange ActiveSync can be compromised. There are solutions that enable convenient and secure mobile working without direct access to potentially vulnerable Exchange servers: The SecurePIM Gateway from Materna Virtual Solution verifies the identity of the user and only allows verified users to access the Exchange server via the secure SecurePIM app. At the same time, many other applications in the company network can also be secured. Direct access to Exchange Server from the Internet is no longer necessary.

This is good news for users of SecurePIM with the SecurePIM Gateway: They are protected against the current attacks and do not have to worry about the security of their mobile communication systems.