Exchange servers in Switzerland still vulnerable

Despite many warnings from the National Cyber Security Center (NCSC), some serious Exchange vulnerabilities have still not been patched in Switzerland. 

National Center for Cybersecurity
Image: depositphotos

The National Cyber Security Center (NCSC) informed back in November 2022 that more than 2800 Microsoft Exchange servers in Switzerland were vulnerable because they had the critical vulnerability called "ProxyNotShell". A month later, around 2000 operators were requested by the NCSC via registered letters to close the vulnerability. However, the message still hasn't gotten through everywhere. More than 600 servers in Switzerland still show the gateway for cybercriminals. The NCSC advises to install the updates as quickly as possible.

The figure is worrying, he said, because the NCSC has been warning about this vulnerability at regular intervals for the past two months, and has also been asking operators personally, via registered letters, to close the gap. Each of these 660 servers is at risk of becoming a victim of a cyberattack on a daily basis. The NCSC also recommends that applications and websites on the Internet always contact security. "security.txt" and be sure to check the correctness of the address in the domain whois.

To patch the Exchange vulnerabilities, the NCSC recommends the following approach:

  • Make sure that you have installed a current Cumulative Update (CU) with all corresponding Security Updates (Nov22SU);
  • Check your Exchange server with the HealthChecker provided by Microsoft:
    https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
  • Scan your Exchange Server with up-to-date virus protection;
  • Review your patch strategy and ensure that critical security updates are applied outside of maintenance windows.

 

Source: NCSC

(Visited 238 times, 1 visits today)
h2> More articles on the topic

SECURITY NEWS

Bleiben Sie informiert über aktuelle Sicherheitsthemen – praxisnah und zuverlässig. Erhalten Sie exklusive Inhalte direkt in Ihren Posteingang. Verpassen Sie keine Updates.

Jetzt anmelden!
anmelden
You can unsubscribe at any time!
close-link