Microsoft: Exchange ‘Extended Protection’ needed to fully patch new bugs
Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks.
Remote attackers can exploit these Exchange bugs to escalate privileges in low-complexity attacks after tricking targets into visiting a malicious server using phishing emails or chat messages.
Microsoft says that admins also need to enable Extended Protection after applying today's security updates to make sure that threat actors won't be able to breach vulnerable servers.
"Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack," Redmond said in advisories published Tuesday.
Microsoft provides a script to enable this feature, but admins are advised to "carefully" evaluate their environments and review the issues mentioned in the script documentation before toggling it on their Exchange servers.
Since Redmond has also tagged all three Exchange vulnerabilities as "Exploitation More Likely," admins should patch these flaws as soon as possible.