Tech Tips

March 10, 2021

Running an Exchange Server? Patch It, Right Now!

Running your email through an Exchange Server? It needs a patch ASAP to fix a new vulnerability…a bad one.

If you haven't heard, Microsoft reported a major hack of its Exchange Server product family a few weeks ago.

The hack exploited four vulnerabilities in the Exchange Server software. Chinese hackers began exploiting these to gain access to the servers, steal email communications, and deploy malware.

They first targeted Exchange Servers accessible from the Internet (e.g., servers publishing Outlook on the Web/OWA and ECP). However, they didn't stop there.

Suffice it to say, this one's bad. It hasn't swept through all Exchange Servers, but estimates are at least 30,000 organizations in the U.S. have been hit, and hundreds of thousands worldwide.

On March 2, Microsoft released patches to fix these vulnerabilities. If your company uses an Exchange Server, you need to install the patch ASAP.  (All of PlanetMagpie’s customers have been taken care of.)

This page has the patches for Exchange Server 2010 through 2019: 

March 2021 Exchange Server Security Updates – Microsoft Exchange Team Blog

 

If you use Exchange Online through Office 365, those servers have been patched already. You're okay.

IMPORTANT NOTE: Microsoft did say that the patch will not "close the backdoor" if someone's already hacked your Exchange Server. To detect this, you must run a special tool, and modify the server to kick them out.

If you're concerned about your Exchange Server, or need help patching, please contact us right away.


Do you have an "everyday IT" question you want answered? Send it in to woof@planetmagpie.com and it may show up in Magpie's next Tech Tip.