Update to Alert 138 – Multiple Vulnerabilities in Microsoft Exchange Server
Systems Affected
✻ Microsoft exchange server 2019 cumulative update 7
✻ Microsoft exchange server 2019 cumulative update 8
✻ Microsoft exchange server 2016 cumulative update 18
✻ Microsoft exchange server 2016 cumulative update 19
✻ Microsoft exchange server 2013 cumulative update 23
Overview
The alert update is released by ‘Cybersecurity and Infrastructure Security Agency, US’
Description
Everyone using Microsoft Exchange on-premise products must
✻ Check for signs of compromise
✻ Immediately patch Microsoft Exchange with the vendor released patch
✻ If unable to patch, remove the products from the network immediately
✻ Upgrade to the latest supported version of Microsoft Exchange
Solution/ Workarounds
Actions for IT Admins/Staff
Please follow the recommended steps
✻ Patch ALL instances of Microsoft Exchange that you are hosting.
✻ If you can’t patch then follow the recommendations Microsoft issued
by Microsoft Exchange Server Vulnerabilities Mitigations,March 2021,Microsoft Security Response Center.
✻ Check for indicators of compromise by running the following script in the given link
✻ If you haven’t been compromised we strongly recommend enhanced monitoring of network connections to your Exchange environment
References
Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind.
-
The decision we make today on cyber security will determine the security of the society in which we live tomorrow.
Total Users : 228348Designed and Developed by Procons Infotech