fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Releases ProxyLogon Updates For Unsupported Exchange Servers

Microsoft Releases ProxyLogon Updates For Unsupported Exchange Servers

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks.

These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original Match 2021 security patches released a week ago, only if the admin can’t find an update path to a supported version.

Applying these security updates will only address the Exchange Server vulnerabilities fixed earlier this month (tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065).

They do not bundle additional product updates or security fixes since they are meant to be quick patches to protect the servers until deploying the latest Exchange updates.

“This is intended only as a temporary measure to help you protect vulnerable machines right now,” the Exchange team said. “You still need to update to the latest supported CU and then apply the applicable SUs.”

Exchange update path
Exchange Server update path (Microsoft)

Also Read: What You Should Know About The Data Protection Obligation Singapore

These security updates are only available through the Microsoft Download Center, and you can download standalone update packages for servers running:

You must install the downloaded security updates from an elevated command prompt because the updates can install without fixing the vulnerabilities by double-clicking the MSP installers as a normal user.

The full procedure needed to install the updates correctly requires you to go through the following steps:

  1.        Download the update but do not run it immediately.
  2.        Select Start, and type CMD.
  3.        In the results, right-click Command Prompt, and then select Run as administrator.
  4.        If the User Account Control dialog box appears, choose Yes, and then select Continue.
  5.        Type the full path of the .msp file, and then press Enter.

Once you successfully install these additional updates, you should also make sure to bring your Exchange environment to a supported state by installing the latest available updates as soon as possible.

To be protected after deploying the security updates, you will also have to reboot the server after the installation process ends, even if you will not be prompted.

It’s also important to mention that if you install any other intermediary cumulative updates after these security updates, your Exchange server will once again be vulnerable to ongoing ProxyLogon attacks.

“Our original announcement Released: March 2021 Exchange Server Security Updates contains information and resources that can help you plan your updates, troubleshoot problems, and help you with mitigations, investigation, and remediation of the vulnerabilities,” Microsoft added.

Microsoft has also updated the Microsoft Safety Scanner (MSERT) tool to help customers detect web shells deployed in recent Exchange Server attacks by Chinese-backed state hackers.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

CISA also warned of “widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities,” urging admins to use Microsoft’s IOC detection tool to detect signs of compromise in their organizations.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us