Security News > 2023 > January > Microsoft urges admins to patch on-premises Exchange servers

Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update to have them always ready to deploy an emergency security update.

"To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU and the latest SU," The Exchange Team said.

Microsoft also asked Exchange admins to provide info on how the Exchange Server update process could be improved via an "Update experience survey."

Exchange servers are highly sought-after targets, as evidenced by the FIN7 cybercrime group's efforts to create a custom auto-attack platform dubbed Checkmarks specifically designed to help breach Exchange servers.

Today's warning comes after Microsoft also asked admins to continuously patch on-prem Exchange servers after issuing emergency out-of-band security updates to address the ProxyLogon vulnerabilities that were exploited in attacks two months before official patches were released.

Last but not least, CISA ordered federal agencies to patch a Microsoft Exchange bug dubbed OWASSRF and abused by the Play ransomware gang as a zero-day to bypass ProxyNotShell URL rewrite mitigations on unpatched servers belonging to Texas-based cloud computing provider Rackspace.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-urges-admins-to-patch-on-premises-exchange-servers/