Microsoft has released security patches to address four new remote code vulnerabilities in Exchange 2013,2016, and 2019. At the same time, the FBI has removed web shells from compromised servers, but only in the U.S. Now more than ever it is essential that Exchange Server administrators apply all available patches and make sure that their servers have no lingering surprises left behind by attackers.
The Hafnium attack on thousands of on-premises Exchange servers is a wake-up call for their administrators and the organizations using the email service. Ten years ago, it was a reasonable decision to stay on-premises. Five years ago, you could argue the same case and companies with bad network connectivity to the internet or specific security requirements were happy to stay on-premises. Now? In a world of increasing threat, staying on-premises looks a lot more risky. For most, it’s time to move to the cloud.