If your organisation is running Microsoft Exchange servers on premises, you need to take immediate action.
See the Australian Cyber Security Centre high-priority alert for a summary of the threat and links to the patches: Exchange server critical vulnerabilities | Cyber.gov.au.
Microsoft has also published a summary blog post for customers: Protecting on-premises Exchange Servers against recent attacks – Microsoft Security. This post contains links to the relevant security updates, as well as recommended steps to take and tools to help.
It is essential that you determine as soon as possible whether your system has been affected and, if so, take remedial action!
If you use a Managed Service Provider (MSP) to manage your IT, check with them to determine if you are at risk. Not all servers are affected, and Microsoft does not believe cloud-based services such as Microsoft 365 are affected by this vulnerability.
For those without a dedicated security team, Microsoft has released a one-click mitigation tool as an interim measure: One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 – Microsoft Security Response Center.
Patching is necessary, but patching alone is not sufficient. Malware may already have been introduced, and this could leave your system vulnerable to further attacks. Several criminal gangs are already exploiting this vulnerability.
If you’re an Emergence insured who relies on on-premises Exchange and tools have detected anything malicious, call the Emergence reporting line on 1300 799 562 or notify Emergence in writing at: firstname.lastname@example.org.
Finally, we recommend that all insureds who have not yet done so strengthen their security by enabling multi-factor authentication on all services, wherever it’s available.