October 8, 2020 | 10:02

BSI warns about Exchange

40.000 Companies in Germany affected

The BSI (German Federal Authority for Informationsecurity) warns with the second highest level “orange” (= the IT threat situation is mission critical. massive disruption of regular operations) in the public media1. Around 40,000 companies in Germany alone are affected by several critical vulnerabilities because security updates have not yet been installed2. In fact, Heise speaks of playing Russian roulette3.

It’s not without reason that I have been warning for several years now about interlocking internal AD and internet functions like Microsoft does deliberatly. Unfortunately many hang their Exchange server directly “in the Internet” including OWA and EAS without any firewalls, mail gateways or reverse proxies. The normal case is totally negligent: Via port forwarding!

My personal point of view:

If you still use the combination Exchange/Outlook, you can’t be helped.

Last month I wrote a rant about this in my microblog4 and since then I have migrated further installations5. A full-fledged Exchange replacement based on Linux is up and running quickly. User accounts and data usually imported within one day. A change is possible without downtime.

I will be glad to help you.
Just contact me!

Tomas Jakobs

  1. https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/CSW-MS-Exchange-Server_061020.html ↩︎

  2. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Cybersicherheitswarnungen/2020/2020-252437-1021.pdf?__blob=publicationFile&v=3 ↩︎

  3. https://www.heise.de/news/Exchange-Luecke-Fast-40-000-deutsche-Unternehmen-spielen-Russisch-Roulette-4921792.html ↩︎

  4. https://blog.jakobs.systems/micro/20200914-exchange-ersatz/ ↩︎

  5. https://blog.jakobs.systems/micro/20201007-exchange-linux-migration/ ↩︎

© 2020 Tomas Jakobs - Imprint and Legal Notice