ACSC Warns MS Exchange Patches No Longer Enough
The Australian Cyber Security Centre is warning businesses and organisation that deploying security patches to Microsoft Exchange systems is no longer deemed sufficient to mitigate malicious activity related to the ongoing vulnerability in the servers.
The ACSC says in addition to installing patches, organisations should investigate the possibility of exploitation of Microsoft Exchange services as a matter of priority.
Vulnerability detection steps are outlined in Microsoft guidance, but the security watchdog said if organisations are unable to carry out the procedures Microsoft has published a mitigation tool which they organisations can use as a first step to protecting servers.
The head of the ACSC, Abigail Bradshaw told senators 10s of organisations had reached out to her agency regarding the server vulnerability.
She said the Centre has been running scans on externally facing internet connections, which has assisted it to observe the number of systems that still require patching.