Microsoft has released an urgent update for Exchange Server in response to servers being actively attacked by a sophisticated threat actor. Organisations running Microsoft Exchange servers, particularly those directly exposed to the internet, are urged to patch these servers immediately. Exchange Online is not affected.

‍

What's happening

Systems affected

Microsoft Exchange Server versions:

• 2010
• 2013
• 2016
• 2019

Microsoft Exchange Server 2010 will also receive a patch despite being out of support.

What this means

Attackers are exploiting multiple vulnerabilities in order to gain access to Exchange servers with SYSTEM privileges, which can lead to data exfiltration and further network compromise.

‍

What to look for

How to tell if you're at risk

If you are running Exchange Server version 2010, 2013, 2016 or 2019, and have not yet applied the updates released today.

How to tell if you're affected

For a full list of indicators of compromise, see the Microsoft Security blog.

Microsoft Security blog External Link

More information

Microsoft Security blog has further information about the attacks with Indicators of Compromise.

Microsoft Security blog  External Link

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at or call the MBIE media team on 027 442 2141.

‍

‍

‍

‍