Urgent updates and actions following Exchange server vulnerabilities

This alert is an updated version of the NCSC alert and contains additional information on installing updates and detection. Microsoft has disclosed that sophisticated actors attacked a number of Exchange servers. In response, it released multiple security updates for affected servers.

The vulnerabilities affect Microsoft Exchange Server. The affected versions are:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Install the latest updates immediately

This should be the first priority for all UK organisations using affected versions of Microsoft Exchange Server. Security updates can be found on the Microsoft website. If organisations are unsure about how to update or uncertain whether updates have installed successfully, please refer to the Microsoft support documents.

If organisations cannot install the updates, or apply any of the mitigations, the NCSC recommends isolating the Exchange server from the internet by blocking untrusted connections to the Exchange server port 443.
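
One way to apply this isolation on the Exchange host's own Windows Firewall, as an added example that is not part of the NCSC alert or Microsoft's guidance. The trusted ranges are constructed sample values, and the script assumes the rules live in the local policy store rather than in Group Policy.

```powershell
# Added example: limit inbound TCP 443 on an Exchange host to trusted source ranges.
# $TrustedRanges holds constructed sample values. Replace them with your own ranges and
# include other Exchange servers, load balancers and internal clients that need HTTPS.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$TrustedRanges = @('10.0.0.0/8', '192.168.10.0/24')
)

# Enabled inbound allow rules in the local policy store, paired with their port filter.
$candidates = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        [pscustomobject]@{
            Rule  = $_
            Ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        }
    }

foreach ($c in $candidates) {
    $remote = ($c.Rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '

    if ($c.Ports -contains '443') {
        # Rule explicitly opens 443: show the current scope, then narrow it.
        Write-Output ("443 rule '{0}': RemoteAddress = {1}" -f $c.Rule.DisplayName, $remote)
        if ($PSCmdlet.ShouldProcess($c.Rule.DisplayName, "Set RemoteAddress to $($TrustedRanges -join ', ')")) {
            Set-NetFirewallRule -Name $c.Rule.Name -RemoteAddress $TrustedRanges
        }
    }
    elseif ($c.Ports -contains 'Any' -and $remote -eq 'Any') {
        # Rule is not port-specific but still admits 443 from anywhere.
        # It is reported only, because narrowing it would affect other services.
        Write-Warning ("Review manually: '{0}' allows any port from any address" -f $c.Rule.DisplayName)
    }
}
```

Save it as a script and run it with `-WhatIf` first to see which rules would change. Blocking the same traffic at the perimeter firewall achieves the isolation without touching the host.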

The NCSC strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of compromise, in line with Microsoft guidance linked below.
