Microsoft Exchange Server Security: November 2021 Updates

 orEarlier this month Microsoft identified a high severity bug in Exchange Server 2016 and 2019. This bug enabled authenticated attackers to remotely run code on vulnerable machines. In response, Microsoft released security updates for vulnerabilities found in Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.

Today, a proof-of-concept (PoC) exploit code relating to the bug has been published by a technical security researcher, with Microsoft confirming it is aware of limited targeted attacks in the wild using this vulnerability. The recommendation is to install the security update immediately to protect your environment.

The report today further highlights the importance of patching vulnerable machines. Exchange servers should be patched regularly as, since March this year, there has been at least one exploit every month.

 Take action today 

The vulnerability only affects on-premise Exchange servers, including servers used by customers in Exchange Hybrid mode. As such CPiO Cloud and Microsoft 365 customers are secured. However, any customer with an on-premise Exchange deployment should review the details of the exploit without delay. Where CPiO customers have technical call-off time, the support helpdesk can be contacted for assistance. For customers who do not have call off time, please contact your account manager who will advise the best course of action.

Why consider Cloud?

CPiO Cloud uses the latest Microsoft technologies and takes security, hardware and network performance concerns out of your hands. Our proactive IT support ensures all application patches are applied, usually before you even realise there is an issue, providing total peace of mind that your business critical data is in a secure environment.

To discover how CPiO Cloud can benefit your business; removing the worry of security flaws and all too frequent security attacks, visit www.cpio.co.uk/cloud-computing or contact us today to discuss your needs.