Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021.
d-PIT and Microsoft encourages organizations to upgrade their on-premises Exchange environments to the latest supported version. If an organization is unable to immediately apply the updates, CISA strongly recommends they apply the alternative mitigations found in Microsoft’s blog on Exchange Server Vulnerabilities Mitigations in the interim.
For more information about these vulnerabilities, see:
- Microsoft Blog: Multiple Security Updates Released for Exchange Server
- Microsoft Blog: Microsoft Exchange Server Vulnerabilities Mitigations