In January, Microsoft were made aware of four separate bugs relating to their Exchange Server software. Since then, they have been working feverishly to release critical security patches for these issues before the knowledge and subsequent exploitation of these vulnerabilities became too widespread.
As a result of their efforts, Microsoft released these patches earlier this month– and with them came full awareness of these vulnerabilities. So now, the push is on to make certain that all Exchange Servers have these patches applied before they are compromised by a new variant of ransomware specifically targeting these exploits, as announced by Microsoft late last week.
Fortunately, the majority of Altitude Innovations Clients are already protected from these vulnerabilities, having made the decision to move to Exchange Online. As part of their Office 365 Subscription, their emails are hosted & managed by Microsoft in Exchange Online – which is unaffected by these vulnerabilities. For some though, who weren’t ready to adopt the per user/per month subscription model and haven’t yet migrated their emails to the cloud, the advice from Microsoft is clear – patch now, or take emergency action to mitigate the chances of being targeted.
Anyone running any version of Exchange Server (other than Exchange Online) who is unsure how best to proceed, or who thinks this might be the catalyst to look at moving to Exchange Online and eliminating the need for constant patching is urged to contact the Innovations Team without delay.