TechRepublic Premium
But now Exchange Server 2016 and Exchange Server 2019 customers have another way of patching the flaws. That is, by installing the latest quarterly cumulative updates (CU) from Microsoft, which is the most complete mitigation available. We wanted to highlight that these latest CUs contain the fixes that were previously released as Exchange Server Security Updates on March 2, 2021. This means you don t have to install the March 2021 Security Updates after installing the March 2021 CUs, Microsoft s Exchange team noted.
Microsoft has separately published more information for security teams responding to the Exchange server bugs CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065.
Source: Microsoft, Bleeping Computer
Ransomware-wielding attackers have begun to exploit a serious proxy-logon flaw in unpatched versions of Microsoft Exchange running on premises, Microsoft reports. Hackers have exploited the flaw to access vulnerable servers, crypto-lock files and demand a ransom from victims in return for the promise of a decryption tool.
News of the attack campaign follows Microsoft on March 2 issuing emergency patches to fix four zero-day flaws in Microsoft Exchange, which is one of the most widely used pieces of IT infrastructure in the world. Because we are aware of active exploits of related vulnerabilities in the wild, Microsoft said in its March 2021 Exchange Server Security Updates alert, which it continues to update, our recommendation is to install these updates immediately to protect against these attacks.