Systems Affected
✻ Microsoft exchange server 2019 cumulative update 7
✻ Microsoft exchange server 2019 cumulative update 8
✻ Microsoft exchange server 2016 cumulative update 18
✻ Microsoft exchange server 2016 cumulative update 19
✻ Microsoft exchange server 2013 cumulative update 23
Threat Level
Low
Overview
The alert update is released by 'Cybersecurity and Infrastructure Security Agency, US'
Description
Everyone using Microsoft Exchange on-premise products must
✻ Check for signs of compromise
✻ Immediately patch Microsoft Exchange with the vendor released patch
✻ If unable to patch, remove the products from the network immediately
✻ Upgrade to the latest supported version of Microsoft Exchange
Solution/ Workarounds
Actions for IT Admins/Staff
Please follow the recommended steps
✻ Patch ALL instances of Microsoft Exchange that you are hosting.
✻ If you can't patch then follow the recommendations Microsoft issued
by Microsoft Exchange Server Vulnerabilities Mitigations,March 2021,Microsoft Security Response Center.
✻ Check for indicators of compromise by running the following script in the given link
(https://github.com/microsoft/CSS-Exchange/blob/cb550e399bc2785e958472e533147826e2b6bf24/Security/Test-ProxyLogon.ps1)
✻ If you haven't been compromised we strongly recommend enhanced monitoring of network connections to your Exchange environment
References
✻ https://us-cert.cisa.gov/ncas/alerts/aa21-062a
✻ https://us-cert.cisa.gov/ncas/current-activity/2021/03/05/microsoft-releases-alternative-mitigations-exchange-server
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.