Exchange server security vulnerabilities: It’s time to switch to mailbox.org

While more and more security experts and data protection professionals are warning about security vulnerabilities in Microsoft Exchange, mailbox.org offers a secure alternative.

It looks as if March 2021 is not going to be a good month for customers of Microsoft’s “Exchange” mail server. Heinz Müller, the most senior data protection official for the federal state of Mecklenburg and Western Pomerania, now said openly what other data protection professionals and legal scholars have known for some time: There are many Microsoft products that should not be used by businesses and authorities in the country because doing so would be illegal. As the German IT publisher Heise News wrote: “The data protection commissioner for Mecklenburg-Western Pomerania and the state’s audit office are both calling for the state government to cease using any Microsoft products, immediately.” and also: “the only feasible option for upholding required data protection standards and maintaining the digital sovereignty of the state government is to use open source software products”.

Security alert level RED – “extremely critical”

Further considering the current security concerns about Microsoft’s products, there are now many good reasons to look for alternatives: On 2 March 2021, the vendor published a number of critical security updates that every customer was supposed to install on their MS Exchange servers, most recently even packaged up in a specially developed software tool.

The security updates that were provided did unfortunately not bring the relief everyone was hoping for. Within a week, IT security researchers had established that there were tens of thousands of vulnerable servers in Germany alone, and about the same number also in the US. As the situation developed further, the German federal office for information security (BSI) talked of an “extremely critical situation”, which led them to issue a red security alert concerning Microsoft Exchange Server on 9 March. A week later, attackers still managed to further refine their exploit methods so as to utilize servers and client computers for automated Bitcoin mining (i.e., using their computing resources to create crypto currency).

Active Directory and Office 365 affected by major issues

As if that wasn’t enough, Microsoft’s Active Directory service, which is part of the critical infrastructure of many businesses, failed completely on 15 March. Two days later, the news were that “71% of Office 365 implementations had been successfully attacked in 2020” (Office 365 is the latest incarnation of the Microsoft Office product, which can run in a Web browser).

Secure and legally compliant: mailbox.org and Heinlein Support

As many will have guessed, mailbox.org is not affected by any of the problems mentioned above. Customers who use our e-mail, data synchronization, office and chat services are and have been secure and fully protected by data protection measures that are fully compliant with German and European law. Heinlein Support, the company that operates mailbox.org, specializes in e-mail servers and Linux for data centers. We pass on our knowledge and experience through the Heinlein Academy, individual consultancy, our hosting services, and the e-mail provider mailbox.org.