ZICTA has warned businesses which rely on on-premise Microsoft Exchange Server to urgently update their software to protect their systems from cyber-attacks.
ZICTA Corporate Communications manager Ngabo Nankonde’s warning follows a recent announcement by Microsoft and Volexity regarding the detection of multiple new exploits used to target vulnerabilities (CVE 2021- 26855, CVE-2021-26857, CVE2021-26858, and CVE-2021-27065) in on-premises versions of Microsoft Exchange Servers.
Microsoft Exchange is a Microsoft’s email server solution which is a piece of software that runs on a server and manages all emails.
Ms Nankonde said in light of the public announcement from Microsoft, ZICTA suspects that hackers are likely to attempt to exploit these vulnerabilities before victims implement the Microsoft updates.
“The business community is therefore being cautioned that, continual use of unpatched exchange servers or delayed implementation of Microsoft-released updates poses a serious risk to affected systems and has the potential to affect all businesses in Zambia that are currently running the Microsoft Exchange on-premise,” she said.
Ms Nankonde also cautioned that successful exploitation of the vulnerabilities on-premises versions of Microsoft Exchange Servers can allow an attacker to access victims’ Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.