11.10.2021

Microsoft Exchange Security Update

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 11/10/2021

Action Level - Important

Description

MCNC would like to make you aware of an Exchange vulnerability recently disclosed by Microsoft. This vulnerability affects Exchange Server 2016 & 2019 and could allow an authenticated attacker to execute code remotely on a vulnerable server. Microsoft is aware of targeted attacks using this vulnerability and recommends installing updates immediately

Affected Software

  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Attack Vector

An attacker with authenticated remote access to a vulnerable server.

Attack Feasibility

There are reports that this issue is being actively exploited in targeted attacks.

Mitigations

There are no known mitigations or workarounds to address this vulnerability.

Remediation

Microsoft has released cumulative updates for Exchange Server 2016 and 2019 to remediate this vulnerability. A blog post by the MS Exchange team also provides a PowerShell query that can be run on an Exchange server to verify whether this exploit has been attempted on the server. Microsoft recommends patching and checking for exploit attempts as soon as possible. 

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC