Recently, Microsoft has released software updates to mitigate significant vulnerabilities for on-premise Exchange 2013, 2016, and 2019 servers. A threat actor could use these vulnerabilities to gain access and maintain persistence on the target server. It should be noted that these Microsoft Exchange vulnerabilities are different from ones discovered and patched in March of 2021 and the March releases will not remediate these vulnerabilities. Due to the level of permission that Exchange manages inherently, and the content on these servers (potentially sensitive information), Exchange servers are the primary target for adverse activity.
We strongly recommend patching Exchange with the latest updates from April 13, 2021. Here is the description of the security update for Microsoft Exchange Server 2019, 2016, and 2013 (KB5001779) as well as the list of updates. The list is below as well for your convenience.
|KB Article:||Applies To:|
|4504715||SharePoint Server 2019 Language Pack|
|4504716||SharePoint Server 2019|
|5001330||Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2|
|5001332||Windows Server 2008 (security-only update)|
|5001335||Windows 7, Windows Server 2008 R2 (Monthly Rollup)|
|5001337||Windows 10, Version 1909, Windows Server, Version 1909|
|5001342||Windows 10, Version 1809, Windows Server 2019|
|5001347||Windows 10, Version 1607, Windows Server 2016|
|5001382||Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)|
|5001383||Windows Server 2012 (Security-only update)|
|5001387||Windows Server 2012 (Monthly Rollup)|
|5001389||Windows Server 2008 (Monthly Rollup)|
|5001392||Windows 7, Windows Server 2008 R2 (Security-only update)|
|5001393||Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)|
|5001779||Microsoft Exchange Server 2019, 2016, 2013|
Please ensure that you have implemented all of the above security updates that apply to your environment. If you have questions or need assistance deploying the updates, please contact the EDCi Technical Support Services Center at (800) 332-3553 or Support@edci.com. We are here to help!