Blog / URGENT—Exchange Server Vulnerability Update

On Wednesday March 3rd we detailed a server “zero-day” security vulnerability discovered in Exchange Server 2010, 2013, 2016 and 2019. At the time it was noted that while the vulnerability had been exploited prior to the patches being available, Microsoft had suspected that only a handful of high-profile organizations had been compromised by a Chinese based hacking group.

Over the weekend rumors surfaced that hinted at exploits of this vulnerability being much more widespread than initially anticipated. Today, March 9th, Microsoft has updated their position on the reach of the impact and now estimates that over 100,000 separate Exchange servers have been compromised globally by several different groups.

This new information further reinforces the severity of the situation and makes this vulnerability one of the largest cybersecurity incidents to take place in the last five years.

In our initial publication on March 3rd we outlined a plan to update the Exchange servers of all managed client servers no later than Saturday March 6th. I am happy to confirm that these updates were applied across our managed client base within this time frame and that the vulnerability has been mitigated for these servers.

Microsoft has now released tools and scripts that can be used to assess if an Exchange server was probed using this vulnerability prior to this exploit being patched. We are currently running these scripts against Exchange servers across our client base and should know within 1–2 days if any servers have been probed. If we discover any potentially compromised servers, we will complete a thorough analysis of each one to determine if it was actively exploited or only probed for accessibility..

If you have any questions regarding TRINUS’s response to this vulnerability, please feel free to contact us.