The Federal Office for Information Security (BSI) has warned of two serious security gaps in the Microsoft Exchange communication platform, for which there are still no security updates.
On Friday, the authority referred to an analysis by the security company GTSC on the two vulnerabilities.
The errors are what are known as new zero-day exploits in Microsoft Exchange Servers, i.e. gaps that can also be exploited directly on systems that are up to date and have installed all security patches.
The gaps are particularly dangerous because security updates are not yet available.
However, according to the information, there is a defense mechanism that administrators can implement by changing the system configuration.
The GTSC researchers explained that attackers from the Chinese environment are already successfully attacking Exchange servers and nesting in systems via back doors.
After successful attacks, the execution of malicious code is possible.
Microsoft confirmed the two vulnerabilities.
They enabled "limited targeted attacks," the company said.
The cloud version of Exchange should not be affected, but only systems at customers who run Microsoft Exchange on their own hardware.