The Hafnium attack on thousands of on-premises Exchange servers is a wake-up call for their administrators and the organizations using the email service. Ten years ago, it was a reasonable decision to stay on-premises. Five years ago, you could argue the same case and companies with bad network connectivity to the internet or specific security requirements were happy to stay on-premises. Now? In a world of increasing threat, staying on-premises looks a lot more risky. For most, it’s time to move to the cloud.
Microsoft has issued critical security updates for Exchange on-premises servers. The fixes close off four known vulnerabilities which expose Exchange to day-zero attacks. It’s important to apply these updates ASAP.
Microsoft has released new cumulative updates for Exchange Server 2016, Exchange Server 2013, and Exchange Server 2010 SP3 in June 2018.
Exchange Server 2013 has reached the end of mainstream support and is now in extended support, with the upcoming Cumulative Update 21 planned to be the last CU released.
Microsoft has released new cumulative updates for Exchange Server 2016, 2013, and 2010 in March 2018.