Security News > 2023 > January > Microsoft urges admins to patch on-premises Exchange servers

Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU), so that the servers are always ready to take an emergency security update (SU).
"To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU and the latest SU," The Exchange Team said.
Microsoft also asked Exchange admins to provide info on how the Exchange Server update process could be improved via an "Update experience survey."
Exchange servers are highly sought-after targets, as evidenced by the FIN7 cybercrime group's efforts to create a custom auto-attack platform dubbed Checkmarks specifically designed to help breach Exchange servers.
Today's warning comes after Microsoft also asked admins to continuously patch on-prem Exchange servers after issuing emergency out-of-band security updates to address the ProxyLogon vulnerabilities that were exploited in attacks two months before official patches were released.
Last but not least, CISA ordered federal agencies to patch a Microsoft Exchange bug dubbed OWASSRF and abused by the Play ransomware gang as a zero-day to bypass ProxyNotShell URL rewrite mitigations on unpatched servers belonging to Texas-based cloud computing provider Rackspace.