Security News > 2021 > March > Microsoft releases ProxyLogon updates for unsupported Exchange Servers

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks.
These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original Match 2021 security patches released a week ago, only if the admin can't find an update path to a supported version.
They do not bundle additional product updates or security fixes since they are meant to be quick patches to protect the servers until deploying the latest Exchange updates.
Once you successfully install these additional updates, you should also make sure to bring your Exchange environment to a supported state by installing the latest available updates as soon as possible.
It's also important to mention that if you install any other intermediary cumulative updates after these security updates, your Exchange server will once again be vulnerable to ongoing ProxyLogon attacks.
"Our original announcement Released: March 2021 Exchange Server Security Updates contains information and resources that can help you plan your updates, troubleshoot problems, and help you with mitigations, investigation, and remediation of the vulnerabilities," Microsoft added.
News URL
Related news
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft investigates global Exchange Admin Center outage (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in six months (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)