On Monday, March 10th, Microsoft announced that a recent vulnerability known as CVE-2020-0688 was actively being used by attackers to run commands as SYSTEM on Exchange mail servers. This provided them with the ability to gain full access to the server and potentially overrun the entire domain. It was also noted that attacks were being enabled via other previous vulnerabilities in Exchange. On Tuesday, March 11th, we took action to secure all of our clients with Exchange servers.
There may be a small amount of fallout for clients with a very specific set of Outlook users that are running the client in ‘Online Mode’ and had Outlook open while the updates were being applied, this is most common in Remote Desktop environments. This can cause a problem opening Outlook after the update is completed. The user may receive a message containing “…the set of folders cannot be opened…” Unfortunately, the fix requires a new Outlook profile.
If you are not a Smart Dolphins client and you are running Exchange on premise, ensure that you have the most recent Exchange Cumulative Update and apply the security patches noted here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
Businesses using Office 365 for email are not susceptible to this vulnerability and related attack methods.
For more information, visit: https://www.infosecurity-magazine.com/news/apt-groups-attack-exchange-servers/
If you have any questions or concerns, please contact us.