Exchange servers in Switzerland still vulnerable
Despite many warnings from the National Cyber Security Center (NCSC), some serious Exchange vulnerabilities have still not been patched in Switzerland.
The National Cyber Security Center (NCSC) informed back in November 2022 that more than 2800 Microsoft Exchange servers in Switzerland were vulnerable because they had the critical vulnerability called "ProxyNotShell". A month later, around 2000 operators were requested by the NCSC via registered letters to close the vulnerability. However, the message still hasn't gotten through everywhere. More than 600 servers in Switzerland still show the gateway for cybercriminals. The NCSC advises to install the updates as quickly as possible.
The figure is worrying, he said, because the NCSC has been warning about this vulnerability at regular intervals for the past two months, and has also been asking operators personally, via registered letters, to close the gap. Each of these 660 servers is at risk of becoming a victim of a cyberattack on a daily basis. The NCSC also recommends that applications and websites on the Internet always contact security. "security.txt" and be sure to check the correctness of the address in the domain whois.
To patch the Exchange vulnerabilities, the NCSC recommends the following approach:
- Make sure that you have installed a current Cumulative Update (CU) with all corresponding Security Updates (Nov22SU);
- Check your Exchange server with the HealthChecker provided by Microsoft:
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ - Scan your Exchange Server with up-to-date virus protection;
- Review your patch strategy and ensure that critical security updates are applied outside of maintenance windows.
Source: NCSC