TTCSIRT-392.04.15.21 TTCSIRT ADVISORY- APPLY MICROSOFT APRIL 2021 SECURITY UPDATE TO MITIGATE NEWLY DISCLOSED MICROSOFT EXCHANGE VULNERABILITIES

TTCSIRT-392.04.15.21 TTCSIRT ADVISORY- APPLY MICROSOFT APRIL 2021 SECURITY UPDATE TO MITIGATE NEWLY DISCLOSED MICROSOFT EXCHANGE VULNERABILITIES

Microsoft’s April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.

An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host.

The Cybersecurity & Infrastructure Security Agency (CISA) strongly urges organizations to apply Microsoft’s April 2021 Security Update to mitigate against these newly disclosed vulnerabilities.

Note: the Microsoft security updates released in March 2021 do not remediate against these vulnerabilities.

In response to these the newly disclosed vulnerabilities, CISA has issued Supplemental Direction Version 2 to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities.

ED 20-02 Supplemental Direction V2 requires federal departments and agencies to apply Microsoft’s April 2021 Security Update to mitigate against these significant vulnerabilities affecting on-premises Exchange Server 2016 and 2019.

For more insight on this vulnerability and to be aware of the current mitigation instructions please follow the links below:

The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates.