+++ UPDATE +++ (10.03.2021)
+++ UPDATE +++ (08.03.2021)
The warning level regarding the Exchange vulnerability has now been upgraded from “Orange” to “Red”. The BSI assumes that every system that has not been updated is already compromised. Please also see the updated document at the end of this news.
This closes four vulnerabilities that are already being used in combination for targeted attacks and offer perpetrators the possibility of tapping data or installing further malware.
According to Microsoft, if attacks are successful, attackers could compromise entire servers with the groupware software and, for example, view internal e-mails and appointments. Our system was updated immediately; the vulnerabilities therefore do not affect the central TU and HRZ groupware.
You can read more detailed information in the official notification of the BSI (PDF) (opens in new tab) and the info brochure “detection and reaction” (PDF). (opens in new tab)