Microsoft is contacting you urgently through this post on the website of Queue Associates Worldwide UK, Ltd. — a Microsoft Gold-certified Partner — to alert you about Microsoft’s release of patches for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group.
The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. Exchange Online is not affected. We wanted to ensure you were aware of the situation and would ask that you help drive immediate remediation steps.
Specifically, to minimise or avoid the impacts of this situation, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments that you have. The first priority being servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).
To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
We also recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise that we shared here.
We are committed to working with you through this issue. Please let us know if you need additional help by contacting the Queue Associates Worldwide UK, Ltd. Helpdesk:
+44 020 7549 1606
Resources and Information About this Issue
Exchange Patch Information
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)
CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)
CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)