Microsoft Pushes Patches for Older Versions of Exchange Server
Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.
Microsoft has deployed another series of Exchange Server security updates, which can be applied to some older and unsupported cumulative updates, to protect older versions of Exchange Server as attackers continue to scan for and exploit critical flaws patched last week.
The company has already issued emergency fixes for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in Microsoft Exchange Server versions 2013, 2016, and 2019. Now, it’s patching the same vulnerabilities in versions of Exchange Server it no longer supports.
In a blog post, Microsoft says these update packages only contain fixes for these four CVEs and do not include other product updates or security fixes. These updates are meant as a temporary measure to protect vulnerable machines; admins must still keep their environments current. Admins need to update to the latest supported cumulative update, then apply the necessary security update. Those who are midupdate to a later cumulative update should proceed with that update.
These updates are available only via Microsoft Download Center, not on Microsoft Update.
The same day Microsoft released these patches, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) issued an alert urging “all organizations” to “immediately address” the Exchange Server flaws. Officials note the exploitation is “widespread and indiscriminate” and advise IT teams to follow the guidance on its “Remediating Microsoft Exchange Vulnerabilities” webpage.
Read more of Microsoft’s guidance here and here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
Recommended Reading:
More Insights
Read More HERE