Microsoft Pushes Patches for Older Versions of Exchange ServerMicrosoft Pushes Patches for Older Versions of Exchange Server
Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.
March 9, 2021
Microsoft has deployed another series of Exchange Server security updates, which can be applied to some older and unsupported cumulative updates, to protect older versions of Exchange Server as attackers continue to scan for and exploit critical flaws patched last week.
The company has already issued emergency fixes for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in Microsoft Exchange Server versions 2013, 2016, and 2019. Now, it's patching the same vulnerabilities in versions of Exchange Server it no longer supports.
In a blog post, Microsoft says these update packages only contain fixes for these four CVEs and do not include other product updates or security fixes. These updates are meant as a temporary measure to protect vulnerable machines; admins must still keep their environments current. Admins need to update to the latest supported cumulative update, then apply the necessary security update. Those who are midupdate to a later cumulative update should proceed with that update.
These updates are available only via Microsoft Download Center, not on Microsoft Update.
The same day Microsoft released these patches, the Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) issued an alert urging "all organizations" to "immediately address" the Exchange Server flaws. Officials note the exploitation is "widespread and indiscriminate" and advise IT teams to follow the guidance on its "Remediating Microsoft Exchange Vulnerabilities" webpage.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment