This should protect Exchange servers from attacks and give administrators more time to install full-fledged patches when Microsoft releases them. The fact is that zero-day vulnerabilities in Microsoft Exchange have recently been regularly exploited by “government hackers”, as well as by groups pursuing financial gain.

For example, I recently wrote about US and UK accused China for attacks on Microsoft Exchange servers. Moreover, Sophos experts have discovered the Epsilon Red ransomware that exploits vulnerabilities in Microsoft Exchange servers to attack other machines on the network.

The new functionality is called Microsoft Exchange Emergency Mitigation (EM) and is based on the Exchange On-premises Mitigation Tool (EOMT), released in March this year to help identify and fix ProxyLogon problems.

EM runs as a Windows service on Exchange Mailbox servers and will be automatically installed on Exchange Server 2016 and Exchange Server 2019 mailbox servers after the September 2021 cumulative update (or newer) is deployed. Administrators can disable EM if they don’t want Microsoft to automatically apply security measures to their servers.

The new functionality will detect Exchange servers that are vulnerable to one or more known issues and automatically apply temporary mitigation measures to them (until administrators can apply full patches).

So far EM offers three types of protection:

• A custom rule blocks certain patterns of malicious HTTP requests that could compromise the Exchange server.
• disabling the vulnerable service on the Exchange server;
• disabling the vulnerable application pool on the Exchange server.

Let me also remind you that I talked about the fact that Hackers attack Microsoft Exchange servers on behalf of Brian Krebs.

The post New feature in Exchange Server will apply fixes automatically appeared first on Gridinsoft Blog.

This time, bugs were fixed in products such as Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows kernel, Windows SMB, and so on.

44 vulnerabilities were associated with remote code execution, 32 with privilege escalation, 14 with information disclosure, 12 provoked denial of service, 8 allowed bypassing various security functions, and another 7 were associated with spoofing.

In addition, this month the company fixed nine zero-day vulnerabilities at once, four of which have already been used for attacks. The following 0-day issues have been fixed, but hackers haven’t used them yet:

• CVE-2021-34492: Certificate forgery vulnerability in Windows;
• CVE-2021-34523: Privilege escalation vulnerability in Microsoft Exchange Server;
• CVE-2021-34473: Remote Code Execution Vulnerability in Microsoft Exchange Server;
• CVE-2021-33779: Windows ADFS Bypass Vulnerability;
• CVE-2021-33781: Active Directory bypass vulnerability.

As for the bugs that hackers have already adopted, one of them is the PrintNightmare problem (CVE-2021-34527), which I described in detail earlier.

By the way, I also reported that Microsoft declares that Printnightmare patch works correctly.

And three other vulnerabilities under attack that were not previously known are:

• CVE-2021-33771: Windows Kernel Privilege Elevation Vulnerability;
• CVE-2021-34448: scripting engine vulnerability leading to information corruption in memory;
• CVE-2021-31979: A privilege escalation vulnerability in the Windows kernel.

Along with Microsoft, other companies have released updates to their products this week.

Patches released:

• Adobe;
• Apache Tomcat;
• Cisco;
• developers of SUSE, Oracle Linux and Red Hat;
• SAP;
• Schneider Electric;
• Siemens;
• VMware.

Let me remind you that a month ago Microsoft specialists also tried Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue.

The post Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities appeared first on Gridinsoft Blog.

Let me remind you that Microsoft has been implementing a systematic refusal to use the outdated SMBv1 for a long time. So, since 2016, the company has advised administrators to withdraw from SMBv1 support since this version of the protocol is almost 30 years old and does not contain the security improvements that were added in later versions.

Security enhancements include encryption, integrity checks before authentication to prevent man-in-the-middle (MiTM) attacks, blocking insecure guest authentication, and more.

Now the Exchange Team has once again reminded administrators of the insecurity of using SMBv1 because various malware still actively abuses them. Some vulnerabilities in SMB are exploited by EternalBlue and EternalRomance, as well as by TrickBot, Emotet, WannaCry, Retefe, NotPetya, Olympic Destroyer, and so on. In addition, known SMB problems can be used to spread the infection to other machines, perform destructive operations, and steal credentials.

In this regard, Microsoft experts strongly recommend disabling the obsolete version of SMB on Exchange 2013/2016/2019 servers.

The company says they did not check if the Exchange 2010 server was working correctly with SMBv1 disabled. And they are advised to upgrade from Exchange 2010 to Office 365 or a newer version of Exchange Server.

On this week, as part of the “Tuesday of updates” Microsoft fixed 99 bugs in its relatively products, including the sensational 0-day in Internet Explorer, but at the same time, the discontinuation of support for old products causes a very mixed reaction from users.

The post Microsoft recommends Exchange administrators to disable SMBv1 appeared first on Gridinsoft Blog.