WHAT TO DO NOW TO TAKE CARE OF THE NEW ZERO-DAY MICROSOFT VULNERABILITY
Microsoft has announced a new zero-day vulnerability that is actively being exploited. It affects onsite Exchange servers of any role, including management-only, of Exchange 2010, 2013, 2016, and 2019. Due to the critical nature of these vulnerabilities, Microsoft recommends that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuses.
The vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.
The versions affected are:
• Exchange Server 2010 (update requires Service Pack 3 – this is a Defense in Depth update)
• Exchange Server 2013 (update requires CU 23)
• Exchange Server 2016 (update requires CU 19 or CU 18)
• Exchange Server 2019 (update requires CU 8 or CU 7)
Exchange Online / Office 365 / Microsoft 365 are NOT affected. Microsoft has released a security update that requires a base version and recommends installation at the earliest opportunity. If you do not already have the base Cumulative Update installed, it will need to be installed first.
Many questions are answered in the links above. Xiologix offers professional services if you need assistance. Contact us for more information.