- Security vulnerability in Microsoft exchange servers remains largely not corrected
- A fix was issued four years ago, but some users have clearly not updated
- This defect may have helped the piracy group Salt Typhoon
Critical security vulnerabilities seem to be a regular event in technological reports, with countless fixes and updates to follow – but this defect in the Microsoft exchange server could be one to take very seriously.
Most of us know the major incident during which 9 American telecommunications giants were raped in what seemed to be a campaign of cyber-espionage sponsored by the Chinese state. The attack, attributed to the hacking of the Salt Typhoon group, would have, at least in part, exploited a critical security flaw known in Microsoft Exchange Server.
Vulnerability, nicknamed Proxylogon, was disclosed by Microsoft in 2021, and a fix has been available for 4 years. Despite this, the tenable cyber-risk management company has calculated in nearly 30,000 cases affected by Proxylogon, 91% remain unlikely.
Guidance of the Cisa
The American Cybersecurity and Infrastructure Safety Agency (CISA) previously published in -depth directives on strengthening systems and hardening systems in response to violation, and has focused on encryption at the end At the end for secure communications.
Progylogon is one of the five commonly exploited vulnerabilities used by the salt typhoon. Others include vulnerabilities for injection and authentication of injection and authentication of Ivanti Connect, as well as vulnerability of the injection of Sophos firewall code.
In light of this, the recommendation and advice for all safety teams are always patcher when available, and to remain as possible on any software for vulnerabilities or potential fixes.
“In the light of the vulnerabilities exposed by the typhoon of Salt, we must take measures to ensure our networks,” said the president of the Federal Communications Commission, Jessica Rosenworcel.
“Our existing rules are not modern. It is time to update them to reflect the current threats so that we have a chance to fight to guarantee that the cyber attacks sponsored by the State do not succeed. The time to take this action is now. We don’t have the luxury to wait. »»
