Hot Off the Press
Check back regularly for the latest news and tips from the world of IT.
Compromise of Microsoft Exchange Server
Regardless of whether you suspect your Exchange Server(s) are infected, Angel City Computers recommends that you check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities.
Immediately apply updates to all Microsoft Exchange instances you host.
Call Angel City Computers at 702-867-0068 for help and refer to this guide.
Perhaps it's time to move your Exchange servers to the cloud... We can help with that!
Updates on Microsoft Exchange Server Vulnerabilities
03/13/2021 11:07 AM EST
Original release date: March 13, 2021
CISA has added seven Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successfully exploiting a Microsoft Exchange Server vulnerability for initial access, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.
In addition to the MARs, CISA added information on ransomware activity associated with exploitation of the Exchange Server products, including DearCry ransomware.
CISA encourages users and administrators to review the following resources for more information.
- Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
- MAR-10328877-1.v1: China Chopper Webshell
- MAR-10328923-1.v1: China Chopper Webshell
- MAR-10329107-1.v1: China Chopper Webshell
- MAR-10329297-1.v1: China Chopper Webshell
- MAR-10329298-1.v1: China Chopper Webshell
- MAR-10329301-1.v1: China Chopper Webshell
- MAR-10329494-1.v1: China Chopper Webshell
- CISA’s Remediating Microsoft Exchange Vulnerabilities web page
- CISA’s Ransomware Guidance and Resources web page
FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server
03/10/2021 02:51 PM EST
Original release date: March 10, 2021
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.
The CSA places the malicious cyber actor activity observed in the current Microsoft Exchange Server compromise into the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework.
CISA recommends that organizations review Joint CSA: AA-21-069 Compromise of Microsoft Exchange Server as well as the CISA Remediating Microsoft Exchange Vulnerabilities web page for guidance on detecting, protecting against, and remediating this malicious activity.
Urgent Updates Needed to All Recent Versions of Microsoft Exchange
Critical updates needed to recent versions of Microsoft Exchange Servers
On March 2, Microsoft released a set of security updates to address multiple vulnerabilities that are being actively exploited by criminals seeking to do harm. The vulnerabilities exist in the on-premises versions of Exchange Server 2013, 2016, and 2019. There is also a security update to resolve a known vulnerability in Exchange 2010 that we have not yet seen actively exploited.
These updates only apply to Exchange Servers running in your environment. Exchange Online is not affected.
We want to ensure that you’re aware of the situation, and we strongly recommend that you update and patch your Exchange Servers immediately.
Steps to getting your Exchange Servers up to date:
- Begin with servers that are accessible from the Internet (for example Outlook Web Access)
- First install the latest Exchange Cumulative Updates for your version of Exchange on each server
- Then install the relevant security updates on each server
- If you have issues during the update process, please contact Support
We recommend that your security/IT team or support partner evaluate whether the vulnerabilities were exploited by assessing the information published at https://aka.ms/exchangevulns.
Microsoft is committed to working with you through this issue, and their account and support teams are available to help. If you have questions, please do not hesitate to contact them.
Angel City Computers Now Serving Las Vegas NV and Henderson NV
Angel City Computers provides IT support, network administration, computer repair, and a host of services to the Las Vegas Valley. Please call us at 702-867-0068 to schedule your free no-obligation system evaluation. Find out how Angel City Computers can make technology work for you.