On the partner blog: Guidance for partners on critical Exchange Server security updates
On Tuesday, March 2, 2021, Microsoft released security updates for multiple on–premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group that we are calling Hafnium. The vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.
The versions affected are:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
- Microsoft Exchange Server 2010 is being updated for Defense in Depth purposes.
To minimize or avoid impacts of this situation, Microsoft highly recommends that you take immediate action to apply the updates for any on-premises Exchange deployments you have or are managing for a customer, or advise your customer of the steps they need to take. The priority being servers which are accessible from the Internet (for example, servers publishing Outlook on the web/OWA and ECP).
Go to the partner blog post here for further information and links.