Widely reported in the mainstream news, due to the severity of this attack, Microsoft reported on the 2nd March 2021 that vulnerabilities in Exchange Server mail and calendar software were being widely exploited by hackers. Thousands of businesses have been affected… Should you be worried?
- Yes, if you are using a privately hosted Exchange
- No, if you are using Office 365 Exchange Online
With the prevalence of Microsoft Exchange Server within businesses, globally, this is pretty big news. As you can understand, it has a lot of them, including our customers, quite concerned.
Firstly, and very importantly for ISAAC customers, the hackers were targeting Microsoft Exchange Server, and not the cloud–based Office 365 platform. Microsoft have now released patches to cover the exploited holes in MS Exchange Servers 2010, 2013, 2016 and 2019. Due to the severity of the attack, Microsoft released the patches on the first Tuesday of the month, ahead of the traditional Patch-Tuesday, which is typically the 2nd Tuesday of the month, but these will need to be applied by your IT team. The inclusion of patches for Exchange Server 2010, which is not officially supported anymore, shows that these holes have been around for quite some time.
Will the patches kick out the hackers if we have been compromised?
- The answer from Microsoft is No.
We us Office 365 (and Exchange Online), so no need to worry?
- We always recommend Microsoft Exchange Online, over Exchange Server, due to it’s reliability and security; provided you have appropriate security protocols in place, such as Multi Factor Authentication.
- Even with appropriate multi-layered security in place, we would also always advise caution in what you open and click in your mailbox. The threat of malicious links in phishing emails is prevalent – read our blog post on how to deal with them.
Ultimately, cyber security is a big deal and being sure you are taking all the precautions you can is important.
Give us a shout if you would like a security review of your Office 365 environment.
Originally published in October 2014. Updated February 2021.Between early 2010 and mid 2014, I completed a management buyout and the simultaneous acquisition of one of our largest competitors to create one of the UK's leading independent mobile telecoms providers. As...
So here it is… Lockdown Mark III (in the UK) – this one destined to last at least 6 weeks, probably 8 and maybe all the way to the end of March around Easter in some form or another. At least. The UK Chief Medical Officer, Professor Chris Whitty, has already been...
Logging into and staying logged into Microsoft/Office 365 One of the conveniences of the modern world is being able to sign in to a service is having that service remember who we are, saving time and frustration with constant login prompts! Microsoft 365 is no...