cybercrime
BSI warns of security gaps in Microsoft Exchange
Arne Schönbohm, President of the Federal Office for Information Security (BSI). photo
© Rolf Vennenbernd/dpa
Security researchers have discovered a new vulnerability in Microsoft’s e-mail and communication platform Exchange. The vulnerability is said to have already been successfully exploited.
The Federal Office for Information Security (BSI) has warned of two serious security gaps in the Microsoft Exchange communication platform, for which there are still no security updates. On Friday, the authority referred to an analysis by the security company GTSC on the two vulnerabilities.
The errors are what are known as new zero-day exploits in Microsoft Exchange Servers, i.e. gaps that can also be exploited directly on systems that are up to date and have installed all security patches. The gaps are particularly dangerous because security updates are not yet available. However, according to the information, there is a defense mechanism that administrators can implement by changing the configuration of the system.
The GTSC researchers explained that attackers from the Chinese environment are already successfully attacking Exchange servers and nesting in systems via back doors. After successful attacks, the execution of malicious code is possible.
Microsoft confirmed the two vulnerabilities. They enabled “limited targeted attacks,” the company said. The cloud version of Exchange should not be affected, but only systems at customers who run Microsoft Exchange on their own hardware.
BSI Cyber Security Alert Opinion Microsoft Analysis of GTSC