Exchange Server bug: Patch now, but multi-factor authentication might not stop these attacks, warns Microsoft

Microsoft has released security updates for its Exchange on-premises email server software that businesses should take on board.

The security updates are for flaws in Exchange Server 2013, 2016, and 2019 — the on-premises versions of Exchange that were compromised earlier this year by the Beijing-backed hacking group that Microsoft calls Hafnium. Four vulnerabilities in on-premises Exchange server software were exploited, and now Microsoft has warned that one newly-patched flaw — tracked as CVE-2021-42321 — is also under attack.

The Exchange security updates were released as part of Microsoft’s November 2021 Patch Tuesday updates for Windows, the Edge browser, the Office suite, and other software products.

Full article

Scroll to Top