Microsoft Exchange vulnerabilities affect over 30,000+ US organizations

Earlier, we have mentioned that a major security vulnerability has occurred in Microsoft Exchange, affecting all versions of Microsoft Exchange Server 2013-2019.

In response to this security crisis, Microsoft has urgently issued a security update to fix it, and all companies that deploy Microsoft Exchange on local servers must update.

However, at present, most companies have not installed the update in time to block the vulnerability. For example, in the United States alone, more than 30,000 organizations use it but have not fixed the vulnerability.

The research team found that hundreds of hackers are currently using vulnerabilities to steal data at the fastest speed, and can use vulnerabilities to infiltrate the corporate internal network directly.

CVE-2018-8302

Microsoft Exchange Server is a local server mail system launched by Microsoft. Institutional users can install it on the local server after purchasing the authorization.

Microsoft also provides a mail system hosted by the company. If a company or organization uses a Microsoft-hosted system, it will not be affected because Microsoft has already fixed the vulnerabilities.

The local mail system must be installed the patch and updated it in a timely manner. Statistics show that a large number of American companies, credit unions, and government agencies use this system.

Due to the failure to install and update in time, a large number of enterprises and government agencies have been attacked by hackers, and some of the data leaked by these agencies are also sensitive.

It is worth noting that the attacker can use the vulnerability not only to hack the mail system but also to infiltrate the intranet of government and enterprise organizations to launch more attacks with the use of elevated privileges.