As a valued Insight client, we would like to alert you to Microsoft’s urgent patch release for on-premises Microsoft Exchange Server zero-day vulnerabilities, which are being exploited by a nation-state affiliated group as of 03.03.2021, to enable you to execute all associated mitigation recommendations accordingly.
The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. Exchange Online is not affected. We wanted to ensure you were aware of the situation and would ask that you help drive immediate remediation steps.
To minimise risk to this vulnerability, Insight advises our clients and partners to take immediate action and execute this patch deployment by way of remediation action as soon as possible.
Further detail and resources from Microsoft are outlined below together with the associated patching instructions required.
This notification provides guidance for customers regarding new security updates released by Microsoft to resolve privately reported security vulnerabilities that affect Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Exchange Online is not affected.
Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments you have or are managing for a customer or advise your customer of the steps they need to take. The first priority being servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).
To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
Insight was founded in
1988 and has global headquarters in Tempe, Arizona.
We provide intelligent technology solutions - hardware, software, cloud and support services.
We have operations in 22 countries and serve clients in more than 180 countries.
We’re Microsoft’s No. 1 Global Licensing Solution Provider.
Insight offers support in 15 languages.
To equip all of our clients with access to the latest thought leadership, our cyber security news channel provides opinion, advice and research directly from highly experienced Industry SOC experts. Naked Security is Sophos’s award-winning threat newsroom, offering all of the latest and up-to-date information, research and development headlines on computer security issues and the latest internet threats.