Skip to main content

Advisory Type: IT Security
Severity: High Severity

Summary:

PDS is providing the following communication to build awareness of a critical vulnerability affecting Microsoft Exchange Server.

On November 9, 2021, Microsoft published November 2021 Exchange Server Security Update disclosing that a remote code execution vulnerability exists in on-premises instances of Exchange Server 2013, 2016, and 2019. The vulnerability is being actively exploited. A malicious actor leveraging the vulnerability could run arbitrary code using the System User privileges. Patches are available, as well as information on determining if the exploit has been attempted.

We strongly advise customers to review the Microsoft advisory and patch all vulnerable on- premises Exchange Servers. PDS Architects are available to assist with the assessment and mitigation, your Account Director can assist in arranging support for this issue.