Microsoft Release Patches for On-Premises Exchange Servers
News|3 March 2021
Microsoft has released patches for multiple on-premises for Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group.
The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. Exchange online is not affected.
To minimise and avoid the impacts of this situation, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. Either managed by yourselves or that you are managing for customers. The priority should be servers that are accessible from the internet (e.g. servers publishing Outlook on the web/OAW and ECP).
To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
- You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
- Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
- We also recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise we shared here.
You can access Microsoft’s Security Update Release relating to this issue here.
Contact Grey Matter
If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.
By submitting this form you are agreeing to our Privacy Policy and Website Terms of Use.
Related News
Intel oneAPI 2024.1 A Milestone Release
What’s new in Intel oneAPI 2024.1 The 2024.1 release of Intel® Software Development Tools marks a major milestone for developers AND the entire software industry: the Intel® oneAPI DPC++/C++ Compiler has become the first compiler to fully support the SYCL...
ISV Partner Day Shortlisted for CRN Sales & Marketing Award
ISV Partner Day has been shortlisted for "Best Customer Event" at the CRN Sales & Marketing Awards
Microsoft 365 and Azure Security Tools: Microsoft Intune
In the second video in our series of short videos discussing Microsoft 365 and Azure security tools and concepts, our Microsoft experts cover off all you need to know about Microsoft Intune! Intune is a robust cloud-based solution to safeguard...
Women in Tech: A New Era | Roundtable
Fri 21 June 2024 5:00 pm - 11:30 pm BST
Get ready to shake it off (and network like nobody’s watching) because we’re hosting an exciting exclusive Women in Tech event with ESET that you won’t want to miss out on. Join us and share feedback, experiences and insights with...