On March 2, 2021, Microsoft publicly announced a zero-day exploit of its Microsoft Exchange product. The exploit is one of the most serious to have affected Microsoft products. It follows close on the coattails of the massively publicized SolarWinds data breach.
A zero-day exploit is a security vulnerability for which the manufacturer has not yet created a fix or patch, thus allowing hackers to access the product without there being a way to stop them. The term “zero-day exploit” describes a situation in which software is released that has unknown security issues, and for which the developers had zero days to apply a fix before the software was compromised.
As of this writing, it is estimated that at least 30,000 U.S. organizations have been affected by the exploits. The hackers’ actions include a simple “knock at the door” to see if a server is accessible to exporting content stored in Exchange, including emails and contacts.
Vulnerabilities and Microsoft’s Response
This security breach is made up of four different vulnerabilities. The first part allows a “threat actor” (that is, a hacker) to gain access to Exchange Servers that have not been updated with Microsoft’s recently released patch. It provides the threat actor with a door to get into a system remotely.
Click the link to read more on the wisbar.org site. For help setting up your AUP or any computer-related issues or needs, contact The Computer Center by visiting computer-center.com/contact or call (608) 755-1524.