Exchange Server Zero-Day Threat
On March 3, 2021, Microsoft issued an emergency Microsoft Exchange Server patch alert for multiple zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The order impacts on-premise Exchange Servers 2010, 2013, 2016, and 2019. Older editions are past end of life and do not receive security updates. Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. The first priority is servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).
To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates, followed by the relevant security updates on each server.
The vulnerabilities and risk do not exist for any version of Microsoft Exchange Online. The risk does not impact any version of Microsoft 365 or Microsoft Office 365.
As discussed in past posts, one of the benefits of cloud-based solutions is the integrated management of the environment. You are not depending on how well your IT provider of staff keep up with maintaining your systems and your security updates. Moving your infrastructure to the cloud shifts the burden of maintenance and operations, letting your team focus on activities that help your run and grow your business.
Want to learn more, contact us and schedule a complimentary Cloud Advisor session.
