Exchange Server Vulnerabilities

Exchange Server patch alert

We are alerting you to Microsoft’s release of patches for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group.

The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. 

Exchange Online is not affected. We wanted to ensure you were aware of the situation and would ask that you help drive immediate remediation steps.

Specifically, to minimize or avoid impacts of this situation, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments you have or are managing for a customer or advise your customer of the steps they need to take.

The first priority being servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).

To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.

  • You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
  • Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
  • We also recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise we shared here.

We are committed to working with our customers through this issue. For additional help, please open a ticket or contact the help desk.

Cloudpush IT Support and Managed Service Provider

Company Announcements

Articles

Technical Bulletins

Ransomware is not a bunch of geeks targeting businesses. It is a sophisticated ecosystem of analysts, tool developers, money launderers and the attackers who may not even know each other. Businesss need to take a close look at their IT vulnerabilitiues. https://buff.ly/2QcQZb0

It’s a good time to review just how up to date your firmware patching is! #cyberattack, #cybersecurity, #firmware https://buff.ly/3d138Iw

Cloudpush has now achieved RingCentral Ingite! Partner status, the highest level available to channel partners. More details here: https://lnkd.in/dy_3a8U
#cloudpush, #ringcentral, #voip, #ucaas

We’re excited to announce our partnership with RingCentral, a Gartner leader in the UCaaS industry. We can now offer clients a broad suite of cloud enterprise unified communications and collaboration solutions.
https://www.cloudpush.co.uk/cloudpush-ringcentral/
#cloudpush, #ringcentral, #voip, #ucaas

Load More...