UPDATE: On 13 April 2021 Microsoft released security updates to mitigate significant newly discovered vulnerabilities in Microsoft Exchange 2013, 2016 and 2019.
The new vulnerabilities are:
The patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities and organisations must apply Microsoft’s 13 April 2021 updates to prevent potential compromise.
The vulnerabilities previously identified were:
Microsoft has released security updates for vulnerabilities found in:
Organisations should apply new patches as soon as possible and also undertake detection steps outlined in Microsoft guidance.
These vulnerabilities affect Microsoft Exchange Server. Exchange Online customers are already protected and do not need to take any action.
For additional information, please see the Australian Cyber Security Centre guidance.
If the patches aren’t applied, these vulnerabilities could be used by cyber attackers to compromise your business’ information and operations.
A range of cyber attackers – including some in the business of ransomware – were quick to take advantage of businesses that had failed to apply the March updates, which is why it’s critical to apply patches as soon as possible.
To find out more, visit cyber.gov.au.