On March 2nd Microsoft announced that four critical security vulnerabilities had been identified in Microsoft Exchange Server versions 2013 to 2019. Recently released data shows that these vulnerabilities may have been actively exploited since January 2021 and current estimates are that 30,000 organisations in the United States alone, may have been impacted.
To mitigate further risk of exploitation, our technical support teams are pro-actively contacting potentially impacted clients to arrange for essential security updates to be applied. If you are running an on-premise version of Microsoft Exchange and you haven’t heard from us, please contact our technical support team (https://support.xperience-group.com) for further assistance.
Security as a Service Clients – Cisco released updated threat detection rule sets on March 3rd, which were automatically deployed to our Security as a Service Platforms. Our Security Teams continue to monitor the situation and further defensive measures will be deployed as required.
Microsoft Office 365 Users – Microsoft has confirmed that Exchange Online services are not affected by these vulnerabilities.
If you’re concerned about the impact of this incident, or should you wish to enquire about our comprehensive security solutions, please contact your client account manager or click here to request a call back.
Microsoft Support Articles
HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft Exchange Server Vulnerabilities Mitigations
March 2021 Exchange Server Security Updates