Red alert: Critical Exchange vulnerability under active exploitation

Source: NCSC-FI (Finland)
Link: https://www.kyberturvallisuuskeskus.fi/en/ajankohtaista/Varoitus_TTN_0121
Published: 2021-03-10

Summary

NCSC-FI issued a red alert for critical vulnerabilities in Exchange servers being actively exploited. Software updates available and should be installed immediately. System administrators must examine systems for signs of data breaches. NCSC-FI aware of several dozen breach incidents.

Key Points

• Alert level: Red (most severe)
• Affected: Microsoft Exchange servers
• Status: Active exploitation
• Known incidents: Several dozen in Finland
• Updates: Available and must be installed immediately
• Additional action: Check for signs of existing compromise
• Alert timeline: Elevated to red March 10, downgraded to yellow March 23, discontinued April 15

Impact

Red alert designation indicates exceptional severity. The several dozen known Finnish compromises during the alert period demonstrate widespread exploitation of vulnerable Exchange servers.