Blog Post

Exchange Team Blog
6 MIN READ

Released: March 2021 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Mar 02, 2021
Note: this post is getting frequent updates; please keep checking back. Last update: 3/19/2021 Microsoft has released a set of out of band security updates for vulnerabilities for the following ver...
Updated Mar 19, 2021
Version 44.0
announcements
Exchange 2010
Exchange 2013
exchange 2016
exchange 2019
on premises
security
Nino_Bilic's avatar
Nino_Bilic
Icon for Microsoft rankMicrosoft
Mar 05, 2021

jimmygrec 

The thing to realize is that when vulnerabilities were publicly disclosed, others (not just HAFNIUM) had the necessary knowledge to start exploiting the vulnerabilities. Based on what I have seen, vast majority of entries in logs that I have seen are from the day of disclosure and later (vs. earlier, which would be a stronger indication of HAFNIUM related activity). As it usually happens with those things, when vulnerabilities get disclosed, all kinds of other actors jump in and start exploiting the vulnerability.

And this is why we are urging folks to update immediately and not wait for anything. Update now, ask questions later. Don't even search the logs; update and then search the logs. Updating will not wipe the logs.