Exchange 2019 Drafts

Question

Exchange 2019 Drafts

Cesar 41

Hello Everyone,

Last week some of my users noticed a draft email they did not create. The email contained an attachment and their email address was in the 'TO' field. I ran the latest MSERT on the server and it found the following threat:

Backdoor:MSIL/Chopper.F!dha

I rebooted the server and re-run MSERT which did not find any threats.

Today, the same issue occurred. I ran MSERT and it found:

Backdoor:MSIL/Chopper.F!dha
Backdoor:ASP/WebShell.C!MTB

I rebooted the server and re-run MSERT and it did not find any threats.

Back in March our server was compromised due to the Proxy logon vulnerability. We cleaned it out and installed the patch. I have not have any issues since then until next week.

How can I prevent this hacker from gaining access to our server?

Exchange 2019
Server 2019
Thank you

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

Yuki Sun-MSFT 41,456 Moderator

Hi @Cesar ,

From your description, seems like what you are encountering is related to the proxyshell vulnerability as mentioned in the blog below:
ProxyShell vulnerabilities and your Exchange Server

According to the blog, if you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities. So for your situation, it's suggested to install the latest CU and SU on all your Exchange servers to protect your Exchange environment against these threats.

Furthermore, here's a thread which discuss a similar issue for your reference:
Unexpected Spam email in Outlook Draft folder

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Cesar 41 Reputation points

2021-09-15T18:49:56.417+00:00

Hi Yukisum

Thanks for the response.

I further looked into this issue... the Exchange CU that we are currently running is 4.

Will I be able to upgrade the CU4 to CU9 or 10 to obtain the latest patch?

I was under the assumption, MS updates would also update the exchange software... I was wrong.

Please advise
Thank you
Yuki Sun-MSFT 41,456 Reputation points Moderator

2021-09-16T02:12:53.293+00:00

Hi @Cesar ,

Will I be able to upgrade the CU4 to CU9 or 10 to obtain the latest patch?

Each CU is a full installation of Exchange that includes updates and changes from all previous CUs, so you can directly upgrade to CU9 or CU10 without needing to install any previous CUs. Then you can use MS update or manually apply the security patches as mentioned in the blogs shared earlier.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yuki Sun-MSFT 41,456 Reputation points Moderator

2021-09-20T00:20:16.417+00:00

Hi @Cesar ,

Just circling back to see how things are going on with this thread. If you still have further concern on this, please feel free to post back.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Cesar 41 Reputation points

2021-09-21T20:36:19.623+00:00

Hi @Yuki Sun-MSFT ,

I installed CU10 and the July security update.

It seems like we are okay for now.

I will continue to monitor the server.
Thank you so much!

Share via

Exchange 2019 Drafts

0 additional answers

Your answer