All system notifications

From 1/4/2021 there will be changes to some government email addresses. Please note that this change will not impact your existing CJSM account. However, you may experience issues sending to certain gov.uk destinations.

Emails to addresses containing the following are likely not to be delivered:

gsi.gov.uk

Emails to addresses containing the following will not be delivered:

gsx.gov.uk

gcsx.gov.uk

gse.gov.uk

crowncourt.gsi.gov.uk

mcs.gsi.gov.uk

If you experience any delivery issues please reach out to the recipient and ask them to provide a new e-mail address.

If you have any questions on the back of this notification please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com.

*** PLEASE PASS THIS INFORMATION TO YOUR I.T. OR E-MAIL SUPPLIER FOR INVESTIGATION AND REVIEW ***

Please be aware, we have been alerted to some further Microsoft Exchange vulnerabilities for on-premise Exchange Servers 2013, 2016 and 2019, as stated below. On April 13th, 2021 Microsoft released security updates for vulnerabilities found in the following on-premise Exchange Servers:

Exchange Server 2013

Exchange Server 2016

Exchange Server 2019

These vulnerabilities were reported to Microsoft by the US National Security Agency (NSA). No incidents of the vulnerabilities being exploited ‘in the wild’ have been reported yet, and no examples of exploit code are available.

There are four reported vulnerabilities (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), and they all allow an attacker to perform remote code execution. There are currently no reported indicators of compromise for these vulnerabilities. All four have been designated as Critical Severity.

Recommended Actions

1. Ensure your Exchange Servers are running the following specific builds (Exchange Servers can be inventoried with the Exchange Server Health Checker Script, hosted on GitHub, to determine which Exchange Servers are behind on updates):

Exchange Server 2013 CU23 / Exchange Server 2016 CU19 and CU20 / Exchange Server 2019 CU8 and CU9

2. Install the April 13th 2021 security updates as soon as possible (ensure they are installed from an elevated CMD prompt), either through Windows Update or from the Microsoft Update Catalogue.

3. As a best practice, it is also recommended that automatic updates are turned on to automate the installation of future security patches like this one.

Note: Microsoft says Exchange Server 2010 and Exchange Online are not affected by these new vulnerabilities. Exchange hybrid needs to be updated, even when all mailboxes are in Exchange Online.

Conclusion

These vulnerabilities were all disclosed by the NSA, and no security incidents involving them have been recorded yet. The exact specifics of how the vulnerabilities affect targeted systems have not been publicly disclosed. The public has been informed that the complexity of all four vulnerabilities is low, and two of them can be exploited without logging on, while the other two only require low privilege. The potential impact on Confidentiality, Integrity, or Availability (CIA) of systems is rated as ‘high’. Due to the recent adversary focus on on-premise Exchange Servers, there is a high likelihood that they will be exploited sooner rather than later. It is therefore recommended that these updates are prioritised before that happens.

Summary: A critical vulnerability has been identified in Microsoft Email servers (Exchange Servers). We recommend that all CJSM Administrators check with their IT team if they are running an affected version of the email software and promptly apply Microsoft's mitigations, if they have not already done so.

These vulnerabilities can be exploited to extract mail data or compromise your organisation's mail systems.

This threat/vulnerability is being exploited, with organisations across the world having been compromised already. One CJSM connected organisation has been attacked as a result of this vulnerability and has been suspended from the service whilst they regain control of their system. N.B. the threat cannot be transferred to another organisation by CJSM.

Impact

Microsoft has confirmed the following vulnerabilities to be under active exploitation by the HAFNIUM advanced persistent threat group:

Due to the ease of exploitation, it is anticipated that there will be other attackers/organised criminals targeting this vulnerability shortly. Individuals actively exploiting this do so because it will enable them to: read/steal emails, download internal sensitive data, and compromise machines with malware for long-term access to your network.

Affected Products and Versions:

The following platforms are known to be affected:

• Microsoft Exchange Server 2019 Versions: all prior to CU8 15.2.792.10 / CU7 15.2.721.13

• Microsoft Exchange Server 2016 Versions: all prior to CU19 15.1.2176.9 / CU18 15.1.2106.13

• Microsoft Exchange Server 2013 Versions: all prior to CU23 15.0.1497.12

• Microsoft Exchange Server 2010 Versions: all prior to SP3 RU32 14.3.513.0

Only the listed Exchange Server versions, either physically or virtually hosted, are vulnerable. Exchange Online and all associated platforms are not vulnerable.
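As an added example (not part of the original notification and not Microsoft tooling), the PowerShell below classifies Exchange build numbers against the fixed builds listed above. It assumes a build counts as patched only when it is on the same CU/RU branch as a listed build and at or above its revision; the function name `Get-ExchangeBuildStatus` and the sample inventory are constructed for illustration.

```powershell
# Fixed builds as listed in this notice, keyed by product (major.minor).
$FixedBuilds = @{
    '15.2' = @('15.2.792.10', '15.2.721.13')   # Exchange Server 2019 CU8 / CU7
    '15.1' = @('15.1.2176.9', '15.1.2106.13')  # Exchange Server 2016 CU19 / CU18
    '15.0' = @('15.0.1497.12')                 # Exchange Server 2013 CU23
    '14.3' = @('14.3.513.0')                   # Exchange Server 2010 SP3 RU32
}

# Hypothetical helper (not a Microsoft cmdlet): classify one build string.
function Get-ExchangeBuildStatus {
    param([Parameter(Mandatory)][string]$Build)

    $v   = [version]$Build
    $key = '{0}.{1}' -f $v.Major, $v.Minor
    if (-not $FixedBuilds.ContainsKey($key)) { return 'NotListed' }

    $fixed = @($FixedBuilds[$key] | ForEach-Object { [version]$_ })

    # Assumption: the third component identifies the CU/RU branch, so a
    # build is only comparable with the fixed build of its own branch.
    $sameBranch = $fixed | Where-Object { $_.Build -eq $v.Build } | Select-Object -First 1
    if ($sameBranch) {
        if ($v -ge $sameBranch) { return 'Patched' }
        return 'Vulnerable'
    }

    # A branch newer than every listed one is outside this notice: verify it
    # separately. Older branches have no listed fix, so they count as vulnerable.
    $newest = $fixed | Sort-Object -Descending | Select-Object -First 1
    if ($v -gt $newest) { return 'NewerThanListed' }
    return 'Vulnerable'
}

# Constructed sample inventory (not real servers).
$inventory = '15.2.792.10', '15.2.721.8', '15.2.659.4', '15.1.2106.13',
             '15.0.1497.2', '14.3.513.0', '15.2.858.5', '8.3.83.6'

foreach ($b in $inventory) {
    [pscustomobject]@{ Build = $b; Status = Get-ExchangeBuildStatus -Build $b }
}
```

A `Patched` result reflects the build level only; it says nothing about whether the server was compromised before the update was applied.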

An email is being sent to your Organisation Administrator tonight with full details of the remediation required.

If you have been compromised or need any further support please email cjsm.helpdesk@egress.com as soon as possible.

Please be aware that CJSM are performing updates to various business categories to improve the experience when searching our directory.

Organisation Administrators may receive a notification saying that changes have been made by the CJSM Helpdesk. This is nothing to worry about and is expected behavior.

If you have any questions please feel free to contact the CJSM Helpdesk on 0207 604 5598 or cjsm.helpdesk@egress.com.

Did you know that if you ever forget your password, or you have enrolled in MFA* and lost your MFA device, a verified phone number can be used to send a recovery SMS to yourself, which will allow you to regain access to your CJSM account?

To add a recovery phone number please follow the steps below:

1 - Log in to your CJSM account.

2 - Click on the 'Administration' tab; you should then see the 'More' tab below logout.

3 - Click on the 'More' tab and then navigate to 'Account Details'.

4 - Click the 'Account Security' tab followed by 'Recovery Phone Number'.

5 - You should be able to enter your recovery number after providing your CJSM password.

When you successfully enter your recovery number, a one-time verification code will be sent to your phone. Please note that your one-time code is only valid for 5 minutes; after this period a new code would need to be generated.

If you have any issues please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com and we will be more than happy to help.

*Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.