Original release date: March 5, 2021
CISA and Microsoft encourages organizations to upgrade their on-premises Exchange environments to the latest supported version. If an organization is unable to immediately apply the updates, CISA strongly recommends they apply the alternative mitigations found in Microsoft’s blog on Exchange Server Vulnerabilities Mitigations in the interim.
For more information about these vulnerabilities, see:
- Microsoft Blog: Multiple Security Updates Released for Exchange Server
- Microsoft Blog: Microsoft Exchange Server Vulnerabilities Mitigations
- CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities
- CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities