While the last few years have seen most of our customers move their enterprise messaging from a local Exchange cluster to Microsoft 365, plenty still have some on-premises Exchange infrastructure. If this describes your organization, hopefully you have already heard about the critical updates that were released to address vulnerabilities in Exchange 2010, 2013, 2016, and 2019.
It is absolutely essential that these updates are applied to your servers immediately. Bring them down in the middle of the day if need be; do whatever it takes to get them applied. Why is this so serious? Because the vulnerability is currently being widely exploited by attackers, many of whom are believed to be nation-state actors. The exploit allows attackers to gain access to the Exchange server and its data, and can also provide a launchpad for further attacks against the victim’s computing environment.
If you’ve patched already, great—but understand that this does not protect you if you were compromised before the patch was installed. Microsoft has released guidance on what to look for on your Exchange servers to ensure no attacker successfully gained a presence on them. This guidance, and links to the updates, are all available at https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/, which is being regularly updated with new information. Get patching!