16.03.2021 Microsoft Exchange Vulnerabilities Exploited in the Wild

by Elena Lapina

On 2 March 2021, Microsoft released emergency security updates for Microsoft Exchange servers to fix four vulnerabilities  actively exploited by a state-sponsored threat actor.


  • The same week, Microsoft and several government organizations published reports on a widespread exploitation of the  flaws in an attack chain now dubbed ProxyLogon.
  • On 8 March, Microsoft released additional updates for some older (and unsupported) Cumulative Updates (CUs) as a temporary measure to help protect more vulnerable machines.
  • At the time of reporting, several examples of working proof-of-concept (POC) code have been released publicly, as well as reports on the exploitation of these flaws by multiple threat actors.

Why it’s important

  • We recommend reviewing the list of products affected to determine if you are running a vulnerable Microsoft Exchange server.
  • Any organization running an instance of vulnerable Microsoft Exchange that is exposed to the internet would likely have had attempts to breach their system.
  • ·If you running a vulnerable version, disable remote access to the Exchange server and review product logs for evidence of exploitation.
  • If any evidence of compromise is uncovered, additional analysis should be performed, and the system should be rebuilt from a clean back-up.
  • Otherwise, apply the patches and ensure your Microsoft Exchange Server is securely configured.

References: Microsoft, CISA


Request Demo

Fill out the form and we will send you details about our demo.