Zero-Day Exploits Target Exchange Server On-Premises – Microsoft Releases Out-of-Band Security Updates
Microsoft has become aware of active exploits of related vulnerabilities in the wild (limited targeted attacks), our recommendation is to install these updates immediately.
Microsoft has released this set of out of band security updates for vulnerabilities associated with these versions of Exchange Server:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
Security updates are available for the following specific versions of Exchange:
- Exchange Server 2010 (RU 31 for Service Pack 3 – this is a Defense in Depth update)
- Exchange Server 2013 (CU 23)
- Exchange Server 2016 (CU 19, CU 18)
- Exchange Server 2019 (CU 8, CU 7)
These vulnerabilities only affect Microsoft Exchange Server (on- premises). Exchange Online is not affected.
For more information: Microsoft Security Response Center (MSRC) blog
If Kraft Kennedy can be helpful, please reach out.