Original release date: April 13, 2021
Microsoft’s April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2016 and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host. CISA strongly urges organizations to apply Microsoft’s April 2021 Security Update to mitigate against these newly disclosed vulnerabilities. Note: the Microsoft security updates released in March 2021 do not remediate against these vulnerabilities.
In response to these the newly disclosed vulnerabilities, CISA has issued Supplemental Direction Version 2 to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities. ED 20-02 Supplemental Direction V2 requires federal departments and agencies to apply Microsoft’s April 2021 Security Update to mitigate against these significant vulnerabilities affecting on-premises Exchange Server 2016 and 2019.
Although CISA Emergency Directives only apply to Federal Civilian Executive Branch agencies, CISA strongly encourages state and local governments, critical infrastructure entities, and other private sector organizations to review ED 21-02 Supplemental Direction V2 and apply the security updates immediately. Review the following resources for additional information:
This product is provided subject to this Notification and this Privacy & Use policy.
Systems Affected Any system running Microsoft Windows (Windows 95 and newer) that are used…
Systems Affected Microsoft Windows systems running Internet Explorer 5.01 Internet Explorer 5.50 Internet Explorer…
Systems Affected Check Point Firewall-1 NG FCS Check Point Firewall-1 NG FP1 Check Point…
Systems Affected Systems running Microsoft Windows Overview Microsoft Windows contains multiple vulnerabilities,…
Systems Affected Systems running Microsoft Office XP and Outlook 2002 Overview There…
Systems Affected Applications and systems that use the OpenSSL SSL/TLS library Overview …
This website uses cookies.