CISA strongly recommends disconnecting public-facing versions of Exchange Server or SharePoint Server that have reached end-of-life or end-of-service from the internet. SharePoint Server 2013 and earlier versions are noted as EOL and should be disconnected if still in use. Johannes Ullrich highlighted that the vulnerability primarily affects organizations running Exchange on-premises in hybrid mode, and that many organizations have already opted for cloud solutions instead. Exploiting the vulnerability requires an attacker to first obtain admin rights on the on-premises Exchange server; once exploited, it makes pivoting into the organization's cloud infrastructure easier.
CISA highly recommends that admins disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life or end-of-service from the internet.
Johannes Ullrich noted that this issue only affects organizations that run Exchange on premises in hybrid mode. Past vulnerabilities and ongoing guidance from Microsoft have motivated many organizations to abandon on-premises Exchange in favor of cloud solutions.
The number of organizations still running Exchange on premises is getting smaller and smaller. In order to exploit the vulnerability, an attacker must first get admin rights on the on-premises Exchange server.
Having an attacker with admin rights is always a bad thing, and I am not sure this vulnerability increases the risk much. It makes it easier to pivot into the organization's cloud presence.