A critical vulnerability in Microsoft Exchange Server 2016 and 2019 (CVE-2023-36439), allows attackers to take over the server with highest privileges. When they successfully take over the server, they can install Backdoor to issue remote commands, install encryption viruses and steal data, using the server as a springboard to continue deeper attacks
Microsoft Exchange Server is a virtual email server that allows businesses to send and receive mail, manage Contacts and Calendars. Worldwide, there are more than 63,000 Microsoft Exchange servers still online on the Internet that have not been patched for this vulnerability. In Vietnam, this number is about 80.
Experts recommend that units and organizations using Microsoft Exchange Server need to immediately patch the vulnerability CVE-2023-36439. Additionally, immediately implement additional security measures, such as multi-factor authentication (MFA) and network access authorization, to better protect your system.