Guidance for partners on critical Exchange Server security updates
On Tuesday, March 2, 2021, Microsoft released security updates for multiple on–premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group that we are calling Hafnium. The vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.
The versions affected are:
1. Microsoft Exchange Server 2013
2. Microsoft Exchange Server 2016
3. Microsoft Exchange Server 2019
4. Microsoft Exchange Server 2010 is being updated for Defense in Depth purposes.
To minimize or avoid impacts of this situation, Microsoft highly recommends that you take immediate action to apply the updates for any on-premises Exchange deployments you have or are managing for a customer or advise your customer of the steps they need to take.
To be abreast of this situation as it evolves, we would request you to keep reading the Microsoft Security Response Center and Exchange Team blogs for the latest information.