On-Prem Microsoft Exchange Server Urgent Action Required
Simplify IT • 15 March 2021
Follow Up: If you are running On-Premise or Hybrid versions of Microsoft Exchange Server - Please read this
Simplify IT, partnership with Microsoft would like to alert you to security updates for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by Hafnium - as we recently informed you.
The vulnerabilities exist in on-premises Exchange Servers 2013, 2016, and 2019. Exchange Online is not affected.
We want to ensure you are aware of the situation and urge you to take immediate remediation steps:
- Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments you have at your business, or are hosting and managing for a third party.
- The first priority are servers that are accessible from the Internet (e.g., servers publishing Outlook on the web / OWA and ECP).
- To patch vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
- You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
- Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
- We also recommend that your security team assess whether or not the vulnerabilities are being exploited.
If you have any issues or concerns, please get in touch.
Simplify IT are committed to working with you through this issue- whether you are our existing customer or not.
If you have any concerns about this attack and what to do next and need assistance, please contact us as soon as possible.
Contact Us