Patch Your Microsoft Exchange Servers Now!!


If you are an administrator of Microsoft Exchange Server, you might have received a communication from Microsoft urging you to update your on-premises installations immediately, following the recent discovery of four serious zero-day vulnerabilities.

Microsoft Corporation shared the information with its customers and the security community to emphasize how critical the vulnerabilities are. To protect institutions and companies of every size, Microsoft has stressed the importance of patching all affected systems immediately, both to protect against the exploits and to prevent future abuse across the ecosystem.

According to Microsoft, Hafnium, a group believed to be state-sponsored, has worked hard to exploit the bugs and to use malware to maintain long-term access to victim environments.

As addressed in the Microsoft Security Response Center (MSRC) release, multiple security updates were released for Exchange Server. After exploiting the existing vulnerabilities on a victim's server, the Hafnium operators deployed web shells on the compromised server.

Microsoft advises that, to limit the chance of an initial compromise, you can harden your system by restricting untrusted connections: isolate the Exchange servers from external connections, which can be done using a Virtual Private Network (VPN).

It is also worth noting that this only protects against the initial threat, meaning that the other portions could still be triggered if the actor has already established access to the system.

Because of the seriousness of this issue, Microsoft is not waiting for Patch Tuesday, when the updates would otherwise have been distributed. Patches are planned for Exchange Server 2013, 2016, and 2019, along with a defense update for Exchange Server 2010 running Service Pack 3. The same alert was echoed by the U.S. Cybersecurity and Infrastructure Security Agency and the Canadian federal government's Canadian Centre for Cyber Security.

What does this mean for Microsoft Exchange Server users?

In today's world, every business aims to migrate its servers to the cloud; however, there is no harm in running Microsoft Exchange on-site if there is IT staff to administer it properly.

There are also some factors a company may weigh before hosting in the cloud, such as how the owner feels about having their servers and data administered virtually. Other factors may be business operations that are data-intensive and rely heavily on a local Exchange server, or the total cost savings associated with the server's data.

For a business that already has an established on-site team, which is already being paid for, many arguments may arise in favor of self-hosting the mail system instead of migrating to Office 365.


ChaceTech recommends that small businesses invest in Office 365 instead of self-hosting Microsoft Exchange, especially if they rely mainly on outsourced IT services. This is because of the security risks and overheads associated with improper maintenance of self-hosted services.

Many things come into play in self-hosting, such as appropriate setup, spam protection, and regular attention to patching the Microsoft Exchange software, the server, and more. If the on-site system does not continually receive proper attention, it will be prone to poor performance and reliability.

In summary, whether you use self-hosted Microsoft Exchange or Office 365, the most critical issue is to ensure that you have a seasoned, capable team of IT experts to administer your Microsoft Exchange Server environment. Self-hosting companies should ensure that they address the most recent vulnerability as described in the link below. It does not stop there. If your company is self-hosted and you need help with either migrating to Office 365 or patching, ChaceTech is your answer!
