32,000 Microsoft Exchange servers still at risk from Hafnium cyber breaches

Microsoft has announced that up to 92% of all stand-alone Exchange servers have been patched, following a mass data breach by the Chinese state-sponsored Hafnium cybercrime group.

Four zero-day security vulnerabilities in Exchange servers were identified and exploited by Hafnium in a mass attack in early March. According to Microsoft VP Tom Burt, the servers at risk numbered 400,000 on-premise Exchange servers belonging to multiple government and corporate data centres, including defence contractors, schools and other entities globally.

The ProxyLogon security fixes released on 2nd March have since reduced this number significantly, with 92% of Exchange servers now protected by the new patches. Nevertheless, Microsoft states that around 32,000 servers remained unpatched and vulnerable to Hafnium cybercrime, including theft of confidential sensitive data together with installation of ransomware and ‘corrupted web shells’, such as China Chopper, which allow unrestricted external access to the unpatched Exchange servers.

These security fixes work in conjunction with Microsoft’s Exchange On-premises Mitigation Tool (EOMT), which installs defender scripts and downloads dependencies whilst automatically running the Safety Scanner and troubleshooting any identified problems on the Exchange servers.

However, the patches do not protect servers that have already been compromised from further exploitation. Microsoft has therefore advised that organisations’ administrators scan their stand-alone networks for potentially installed malicious software and scripts, in addition to the scans run by EOMT.

The attacks themselves have raised questions over the security maintenance of in-house email servers and add weight to the growing adoption of cloud-based internet email.


Urgent Patches issued for Microsoft Exchange Server

Microsoft have urged the system admins of on-premise Exchange email servers to upgrade in response to new breaches from state-sponsored hackers.

The Chinese group, known as ‘HAFNIUM’, are believed to have exploited previously undiscovered zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019 via compromised US-based servers. Microsoft Exchange Online or related services (such as Microsoft 365) are not affected.

All four vulnerabilities were announced on Wednesday by the Microsoft Security Response Centre (MSRC) and graded ‘Critical’ – requiring urgent patching.

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 combine into a ‘perfect storm’: the attacker makes an untrusted connection to the targeted Exchange Server on port 443, presents itself as someone with authorised access, and adds a web shell that grants a backdoor for future access.

HAFNIUM has previously been accused of industrial espionage and attempts to breach the technology of important private, public and national security organisations, including defence contractors.

As of 4th March, the Department of Homeland Security has also issued an emergency directive to all US federal agencies to urgently patch any on-premises Exchange servers by midday on 5th March.

 

For Cybersecurity advice and expertise, please contact our team today.


Reply All Email Storm Protection launches for Exchange Online

Microsoft have announced Reply All email storm protection for Exchange Online – designed to prevent crushing organisational reply all email chains.

By default, the feature will detect ten reply all emails to over 5,000 recipients within 60 minutes (what IT admins jokingly call a ‘reply-allpocalypse’) and will block further sending to prevent the problem escalating.

A particular problem in large organisations, email storms begin when large numbers of recipients click ‘reply-all’ either to respond or ask to be removed from the chain – massively multiplying the overall number of emails passing through Exchange servers.
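A sliding-window check using the default thresholds quoted above, added here as an illustration and not Microsoft's implementation. Tracking per conversation, the class and function names, and lifting the block once older replies age out of the window are all assumptions; the message log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Defaults quoted in the article; everything else in this block is an assumption.
MIN_RECIPIENTS = 5000               # storm rules apply to "over 5,000 recipients"
REPLY_ALL_LIMIT = 10                # ten reply-alls ...
WINDOW = timedelta(minutes=60)      # ... within 60 minutes


class ReplyAllStormGuard:
    """Hypothetical per-conversation sliding-window detector."""

    def __init__(self, min_recipients=MIN_RECIPIENTS,
                 limit=REPLY_ALL_LIMIT, window=WINDOW):
        self.min_recipients = min_recipients
        self.limit = limit
        self.window = window
        self.recent = defaultdict(deque)  # conversation id -> delivered reply times

    def allow(self, conversation_id, sent_at, recipient_count, is_reply_all):
        """Return True to deliver the message, False to reject it."""
        if not is_reply_all or recipient_count <= self.min_recipients:
            return True                   # ordinary mail is never throttled
        times = self.recent[conversation_id]
        # Forget delivered replies that have aged out of the window.
        while times and sent_at - times[0] >= self.window:
            times.popleft()
        if len(times) >= self.limit:
            return False                  # storm in progress: reject, do not count
        times.append(sent_at)
        return True


def replay(guard, events):
    """Run (conversation, time, recipients, is_reply_all) tuples through the guard."""
    return [guard.allow(*event) for event in events]


if __name__ == "__main__":
    start = datetime(2021, 1, 1, 9, 0)    # constructed sample data
    storm = [("all-staff", start + timedelta(minutes=i), 8400, True)
             for i in range(12)]
    for event, delivered in zip(storm, replay(ReplyAllStormGuard(), storm)):
        print(event[1].time(), "delivered" if delivered else "blocked")
```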

If you find yourself stuck in a big reply all email storm, the guidance is simple: Do nothing. Do not reply to the email. Replying only makes the problem worse for everyone in the email chain, including you.

Reply all email storms have plagued large organisations. The NHS was infamously struck by a server-crushing 500 million emails in less than two hours on 14th November 2016, after an IT contractor accidentally sent a test email to everyone with an NHSmail email address – approximately 840,000 people.

Microsoft itself became one of the first test cases during the “Bedlam DL3” incident of 1997, when a user emailed 13,000 company addresses. Other users, unaware of how many replies they were sending, asked to be removed, and by the time the storm had subsided a terrifying 15 million emails had been sent – far beyond the capacity of late-90s email servers.

Reply-all email storm protection is currently being rolled out to Microsoft Exchange Online and packaged services including Microsoft 365.

 

For IT Support and expertise, please contact Lineal today.


iOS 11 Mail App hits the rocks

iOS 11 users who updated their iPhones and iPads this week have been given a nasty shock, upon discovering Microsoft email services will no longer function correctly.

Apple are reported to be ‘working closely’ with Microsoft to resolve the issues – affecting compatibility with Microsoft Exchange 2016, Office 365 and Outlook.com – which display an error message informing users that their mail account “Cannot send mail. The message was rejected by the server.”

One week on from Apple’s flagship iPhone X launch, the problem leaves the tech giant with a public relations headache, as early adopters of the newest touchscreen operating system rush to complain online.

Until this recent development, Office 365 had proved hugely popular with iPhone and Mac users – allowing them to plug Microsoft cloud infrastructure, for dull company email and calendars behind the scenes, into their favoured Apple devices and applications for a more enjoyable user experience.

Rubbing salt in the wound, Microsoft also published an official support warning on Tuesday, rather mischievously entitled: “You can’t send or reply from Outlook.com, Office 365, or Exchange 2016 in iOS 11 Mail.app”. According to MacRumors, beta testers (including engineers at Lineal) were raising the Microsoft email service problem as early as July, although it appears to be unresolved by Apple’s developers.

Users urgently needing email are advised to download the Outlook for iOS app from the App Store as a lifesaving alternative, suffer a more Microsoft branded email experience, and await rescue from Apple bug fixers.


How Your Outlook Stops Spam Emails

At Lineal we’ve found the most commented upon feature of Microsoft’s Office 365 email has been the reduction of spam – but why does running your email from the cloud make Outlook 2016 so much better at blocking these annoying spam emails?

On your old in-house email server, Outlook stops spam emails being delivered based on whatever policies and protection you’ve put there and maintained (or not…), whilst Office 365 is managed all year round as a remote service, with up-to-the-hour security updates in Microsoft data centres. Moving your business email to the cloud ensures your inboxes are not just company compliant, but physically and virtually safer.

Firstly, Office 365 checks your email for known suspicious attachments or malicious links. If neither is found, your email is screened through three independent anti-virus engines, before being delivered safely to your inbox.

But what if something suspicious is found? Malicious links are re-written where possible, and suspicious attachments are removed to a sandboxed (isolated in software) ‘detonation chamber’, where they are opened safely to check for harmful code. Any attachments still deemed to be dangerous are removed from the email before being processed further.

Due to the sheer volume of email processed through Office 365, Microsoft are also able to use information about all threats seen worldwide, and protect your inbox from even brand new ‘zero-day’ dangers seen elsewhere online.

Office 365 business packages (which can be trialled for free via Lineal) have been made increasingly secure over the past year – with Microsoft opening new UK based data centres and introducing a new admin centre for power users to manage system usage in large organisations more effectively. 97% of people can’t identify a phishing email, so it’s important to know that Office 365 will remain vigilant.

Lineal are a Gold Microsoft Partner: for Cloud help and support contact our team today.


Exchange Server 2007 support to end in 2017

Lifecycle support for Microsoft’s Exchange Server 2007 email will end in April 2017, Microsoft has confirmed.

Existing email servers will continue to work past this date initially, but will receive no further patching without purchasing ‘custom support’ at an unknown extra cost. Each version of Exchange is predicted to last only around 10 years, with the 2016 edition lasting until 2025.

Exchange 2007 was included as part of Microsoft Small Business Server 2008, which reached end of mainstream support last year. With the challenges of ensuring systems are secure, upgrading from SBS 2008 sooner rather than later will be the order of the day for many businesses.

Unfortunately, upgrading old copies of Exchange Server 2007 to Microsoft’s latest version of Exchange Server (2016) may be more challenging than many organisations will expect, as a direct migration is not available.

This forces users to use the 2010 or 2013 versions as a stepping stone, a restriction that will be familiar to any business that has tried to upgrade a legacy Windows XP system to Windows 10 and had to buy a redundant Windows 7 license just to make the transition.

The best alternative solution for many will be to abandon their on-site Exchange Server entirely and take the option with a much smoother transition: instruct a Microsoft partner to seamlessly migrate their email to Microsoft’s excellent Office 365 cloud offering.

Lineal can offer consultancy services for upgrade and migration planning in addition to being a certified Microsoft Partner. We specialise in Office 365 and hybrid deployments across the entire Microsoft product set.

 

Please get in touch to find out how easy and cost effective it can be to move your email to the cloud with Lineal.