Hero Banner

Modern Work & Security

Oppdateringer og ressurser.

Reply
VyaraLoevig
Moderator

Important Security Updates for Exchange Server

Dear Microsoft Norway Partner Network – important information to take action on today

 

Today, Microsoft released patches for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The vulnerabilities impacted exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.

 

We wanted to ensure that you are aware of the situation and we highly recommend that you take immediate action to apply the patches for any on-premises Exchange deployments you have or are managing for a customer or advise your customer of the steps they need to take.

 

What action should I take?

 

For on-premises Exchange Servers, we ask that you direct your teams to start immediate action to assess your Exchange infrastructure and patch vulnerable servers, with the first priority being servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).  To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server. 

 

  • You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
  • Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010). 

More information and additional resources

 

More information on the vulnerability and security patches can be found on the following blogs:

Multiple Security Updates Released for Exchange Server – Microsoft Security Response Center

HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security

New nation-state cyberattacks - Microsoft On the Issues

 

 

Additional information to assist you:

 

CVE-2021-26412

CVE-2021-26854

CVE-2021-26855

CVE-2021-26857

CVE-2021-26858

CVE-2021-27065

CVE-2021-27078

 

We are committed to working with you through this issue. 

0 REPLIES 0