Security News > 2023 > January > Microsoft to enterprises: Patch your Exchange servers

Microsoft is urging organizations to protect their Exchange servers from cyberattacks by keeping them updated and hardened, since online criminals are still going after valuable data in the email system.
Enterprises need to make sure to install the latest Cumulative Updates and Security Updates on the Exchange servers - and occasionally on Exchange Management Tools workstations - and to run manual tasks like enabling Extended Protection and certificate signing of PowerShell serialization payloads, according to the vendor's Exchange Team.
"Attackers looking to exploit unpatched Exchange servers are not going to go away," the group wrote in a blog post on Thursday.
There are reasons Exchange servers are a lure for cybercriminals, according to Chris Gonsalves, chief researcher officer for Channelnomics.
"But as the recent in Exchange servers have taught us - the ProxyNotShell stuff specifically - it goes beyond that," Gonsalves told The Register.
Such threats highlight the importance of keeping on-premises Exchange servers updated and hardened.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/28/microsoft_patch_exchange_servers/
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft Exchange Online outage affects Outlook web users (source)