Security News > 2023 > January > Microsoft urges admins to patch on-premises Exchange servers
Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update to have them always ready to deploy an emergency security update.
"To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU and the latest SU," The Exchange Team said.
Microsoft also asked Exchange admins to provide info on how the Exchange Server update process could be improved via an "Update experience survey."
Exchange servers are highly sought-after targets, as evidenced by the FIN7 cybercrime group's efforts to create a custom auto-attack platform dubbed Checkmarks specifically designed to help breach Exchange servers.
Today's warning comes after Microsoft also asked admins to continuously patch on-prem Exchange servers after issuing emergency out-of-band security updates to address the ProxyLogon vulnerabilities that were exploited in attacks two months before official patches were released.
Last but not least, CISA ordered federal agencies to patch a Microsoft Exchange bug dubbed OWASSRF and abused by the Play ransomware gang as a zero-day to bypass ProxyNotShell URL rewrite mitigations on unpatched servers belonging to Texas-based cloud computing provider Rackspace.
News URL
Related news
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)