Cybercriminals Threaten Release of Sensitive World-Check Database
A recent cyber attack has resulted in a serious data breach affecting the World-Check database, a critical tool used by financial institutions and other organisations…
Microsoft Exchange Servers require ‘Extended Protection’ to be manually turned on to patch new vulnerabilities
Affected Systems: Microsoft Exchange Server 2013, 2016, and 2019
Description:
Alongside the release of Microsoft’s August 2022 security update, Microsoft has advised that in order to fully patch some of the vulnerabilities disclosed this month requires Microsoft Exchange Server administrators to manually enable Windows Extended Protection.
The August 2022 security update included patches to six new vulnerabilities, three of which are of critical severity – CVE-2022-21980, CVE-2022-24516, and CVE-2022-24477. All of these critical vulnerabilities allow for elevation of privileges.
Preventions:
The August 2022 update for Microsoft Exchange Server 2019 and 2016 can be found here, Microsoft Exchange Server 2013 update can be found here.
Microsoft has developed a script to help users enable Extended Protection. This script can be found here, and documentation for it can be found here. Microsoft has noted that it is important for users to fully understand the prerequisites needed for Extended Protection.
Related Links:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862– Posted August 9th
Related articles
WhatsApp Verification Code Scams: Stay Safe and Protect Your Account
WhatsApp, the popular messaging service owned by Meta, has become a prime target for fraudsters. A recent scam involves the manipulation of the WhatsApp’s verification…
LastPass Users Targeted in Sophisticated Phishing Campaign
Password manager LastPass has issued an urgent warning to its users about a sophisticated phishing campaign designed to steal master passwords and gain unauthorised access…