Microsoft: Update On-Premises Exchange Server Now

Microsoft has urged administrators of on-premises Exchange servers to keep them patched and updated, warning that attackers “are not going to go away.”

The tech giant’s Exchange Team advised in a blog post yesterday that customers install the latest available Cumulative Update (CU) and Security Update (SU) on all servers, and in some cases Exchange Management Tools workstations.

CUs are designed to streamline the patching process by bundling multiple fixes into a single update. SUs are installed on top of these.

Both are cumulative, so organizations only need to install the latest ones.

“You install the latest CU, then see if any SUs were released after the CU was released. If so, install the most recent (latest) SU,” Microsoft explained.

At the time of writing, the most recent versions are CU12 for Exchange Server 2019, CU23 for Exchange Server 2016 and CU23 for Exchange Server 2013, and the latest SU is the January 2023 SU.

“Attackers looking to exploit unpatched Exchange servers are not going to go away. There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts,” Microsoft warned.

“First, user mailboxes often contain critical and sensitive data. Second, every Exchange server contains a copy of the company address book, which provides a lot of information that is useful for social engineering attacks, including organizational structure, titles, contact info and more. And third, Exchange has deep hooks into and permissions within Active Directory, and in a hybrid environment, access to the connected cloud environment.”

Threat actors have exploited on-premises Exchange Server deployments multiple times in recent years, most notably in the ProxyLogon attacks of March 2021 and the targeting of ProxyNotShell bugs that were patched in November 2022.

Microsoft urged system administrators to always run HealthChecker after installing an update to check if there are any additional manual tasks to perform.
