Security News > 2021 > March > Microsoft releases ProxyLogon updates for unsupported Exchange Servers
Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks.
These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original Match 2021 security patches released a week ago, only if the admin can't find an update path to a supported version.
They do not bundle additional product updates or security fixes since they are meant to be quick patches to protect the servers until deploying the latest Exchange updates.
Once you successfully install these additional updates, you should also make sure to bring your Exchange environment to a supported state by installing the latest available updates as soon as possible.
It's also important to mention that if you install any other intermediary cumulative updates after these security updates, your Exchange server will once again be vulnerable to ongoing ProxyLogon attacks.
"Our original announcement Released: March 2021 Exchange Server Security Updates contains information and resources that can help you plan your updates, troubleshoot problems, and help you with mitigations, investigation, and remediation of the vulnerabilities," Microsoft added.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)