Unpatched Microsoft Exchange vulnerabilities

533 servers in Luxembourg need immediate attention

The Luxembourg House of Cybersecurity informed the CSSF of an important cyber-security alert that has been issued by CIRCL, the Computer Incident Center Luxembourg.

CIRCL published a Technical Report 72 ‘Vulnerable Microsoft Exchange server metrics leading to alarming situation’ available at the following url: https://www.circl.lu/pub/tr-72/.

You will find here below a summary of the situation together with the corresponding recommendations in English, French and German.

Alarming situation warning – Action to be taken:

Unpatched Microsoft Exchange vulnerabilities: 533 servers in Luxembourg need immediate attention.

CIRCL identified a significant number of Microsoft Exchange servers (533 in total) that are left unmaintained when it comes to patching them with the latest security updates.

What are the risks for your organisation?

a potential compromise of the server
accessing of private, confidential and/or business related data by third parties
unwanted modification or deletion of data
exfiltration of data
lateral movement and infection of other parts of the infrastructure
financial loss through blackmailing
productivity and financial loss by re-installing the infrastructure
reputation loss

What can you do as an organisation?

If you’re running your own infrastructure: manually check if the currently running version is the most recent, if not, apply upgrades.
If you have a service provider that is supposed to take care about the security updates: ask them to report the installed version and the most recent version available. If there’s a discrepancy, insist on the upgrade. Ask for monthly status, review current contracts if necessary.

If your organisation needs support in assessing the current threat for your infrastructure, don’t hesitate to get in contact with CIRCL:

– Phone: (+352) 247 88444

– Email: info@circl.lu GPG fingerprint: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5

For all details, please read CIRCL’s Technical Report 72 ‘Vulnerable Microsoft Exchange server metrics leading to alarming situation’ available at the following url: https://www.circl.lu/pub/tr-72/

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
cssf_profile	This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers).	1 year
pll_language	This cookie saves the user’s language choice.	1 year

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes