Skip to the main content.

1 min read

Microsoft Exchange Server Vulnerabilities

Microsoft Exchange Server Vulnerabilities

Microsoft has made public four vulnerabilities in Microsoft Exchange Server that require urgent attention. The  announcement can be read in full here.

These vulnerabilities were originally being targeted by a state based hacking group called Hafnium to gain access to Exchange email servers primarily based in the United States.

There is now evidence that other hacking groups are now using these Exchange server vulnerabilities to target email servers worldwide.

Affected Versions:

Microsoft Exchange 2013

Microsoft Exchange 2016

Microsoft Exchange 2019

A security update has also been released for Exchange 2010 although not in specific response to these vulnerabilities.

Exchange Online or Office 365 email accounts are not affected and CPiO Cloud Exchange servers have all been patched.

CPiO Cloud, CPiO Managed Services (MSP) and Microsoft 365 customers were not affected in any way by these vulnerabilities due to our proactive support.

With CPiO Cloud and MSP we resolve your issues before they manifest, usually before customers are even aware of any issue.

 What action should you take:

Check Patch Levels of your Microsoft Exchange Server additional details can be found below.

Update affected Exchange servers as soon as possible.

Be aware that installing the updates may take a number of hours depending on current patch levels and hardware performance.

Run all updates as administrator and ensure a complete backup of the Exchange server is available before applying the updates.

Scan Exchange server logs for Indicators of Compromise using the Microsoft Test-ProxyLogon script.

Scan the Exchange server for web shells using the Microsoft detect_webshells script.

Scan the Exchange server using the latest version of the Microsoft Safety Scanner (MSERT).

Continue to monitor for suspicious activity.

Talk to your CPiO account manager about the proactive IT support services available from CPiO.

Exchange Server Security Updates:

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

 If you require assistance or would like to discuss how CPiO Technical services could help your business, please contact us

Microsoft Exchange Email Servers Vulnerabilities

2 min read

Microsoft Exchange Email Servers Vulnerabilities

Hackers are targeting Microsoft email servers after a series of vulnerabilities were detailed at a computer security conference earlier this...

Read More
Microsoft changes Office 365solution names

1 min read

Microsoft changes Office 365solution names

The good news is with the name changes there comes no price or feature changes. Subscribers don’t need to do anything to activate or accept the...

Read More
Microsoft Exchange Server Security: November 2021 Updates

2 min read

Microsoft Exchange Server Security: November 2021 Updates

orEarlier this month Microsoft identified a high severity bug in Exchange Server 2016 and 2019. This bug enabled authenticated attackers to...

Read More