Microsoft Pushes Patches for Older Versions of Exchange ServerMicrosoft Pushes Patches for Older Versions of Exchange Server
Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.
March 9, 2021

Microsoft has deployed another series of Exchange Server security updates, which can be applied to some older and unsupported cumulative updates, to protect older versions of Exchange Server as attackers continue to scan for and exploit critical flaws patched last week.
The company has already issued emergency fixes for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in Microsoft Exchange Server versions 2013, 2016, and 2019. Now, it's patching the same vulnerabilities in versions of Exchange Server it no longer supports.
In a blog post, Microsoft says these update packages only contain fixes for these four CVEs and do not include other product updates or security fixes. These updates are meant as a temporary measure to protect vulnerable machines; admins must still keep their environments current. Admins need to update to the latest supported cumulative update, then apply the necessary security update. Those who are midupdate to a later cumulative update should proceed with that update.
These updates are available only via Microsoft Download Center, not on Microsoft Update.
The same day Microsoft released these patches, the Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) issued an alert urging "all organizations" to "immediately address" the Exchange Server flaws. Officials note the exploitation is "widespread and indiscriminate" and advise IT teams to follow the guidance on its "Remediating Microsoft Exchange Vulnerabilities" webpage.
About the Author(s)
Tricks to Boost Your Threat Hunting Game
Nov 06, 2023Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023