Perform Security Updates for Exchange 2013 Now
It is not often for Microsoft to release security patches for products that are past its End-of-Life (EOL), but the Redmond company has recently released an emergency security patch for Exchange 2013 as a result of recent and widespread attacks that have targeted the vulnerable mail server.
Newly disclosed vulnerabilities that affect Exchange 2013 have prompted Microsoft to release these emergency security updates, as organizations worldwide have been slow to update to newer versions of the mail server such as Exchange 2019.
Although rare, it is not completely unprecedented for Microsoft to issue security updates and hotfixes for products that have long past its EOL. The infamous WannaCry ransomware attacks of 2017 have prompted the company to issue patches for Windows XP – a 12-year-old operating system Microsoft has stopped supporting three years earlier.
Microsoft has stated that the recent security patches do not mean that Exchange 2013 is once again supported. The company urges that organizations that are still using this version of Exchange to update to the current Exchange 2019. The security updates only address four specific zero-day vulnerabilities that are known with Exchange 2013. These patches are intended to be temporary measure that will Even with the updates applies, companies that are still on the outdated mail server will continue to be vulnerable to other attacks.
The patches are for the following versions of Exchange
- Exchange Server 2010
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
Exchange Server 2013 users must have the latest cumulative update (CU23) installed. Exchange Server 2016 must have CU19 and Exchange Server 2019 will require CU8.
The emergency security updates after it has been discovered that China-backed hackers have successfully exploited Exchange Server 2019 and older versions. This revelation comes a few months after the SolarWinds fiasco wherein computer hackers connected with the Russian state have used modified software from the company to spy on U.S. agencies. With much of the workforce still continuing to work remotely as a result of the global pandemic, computer security experts strength their call for companies and organizations to migrate to cloud-based solutions over on-premises services.
Exchange Server 2019 continues to be a secure and mature email platform despite this recent security incident. Microsoft has demonstrated that they are quickly able to address vulnerabilities and roll out security updates – even for older and unsupported versions of Exchange Server. Large corporations everywhere continue to use Exchange Server as a crucial part of its email infrastructure.
However, companies who have yet to make investments for an on-premises email server are highly encouraged to consider cloud-based email solutions instead. Microsoft Office 365 is the gold standard for cloud-based work productivity software including email. With Office 365, it is no longer incumbent for the end user to ensure up-to-date security patches are installed. Office 365 users enjoy automatic updates against security threats. Applying updates to Exchange normally entails some email downtime. That is not the case for Office 365.
With an on-premises Exchange Server solution, it is the responsibility of an organization’s IT team to ensure that backups are constantly being updated. All of this effort means an increase in cost in terms of hardware and manhours. With Office 365, files are automatically saved as they are being worked on. And with Microsoft OneDrive, backup files are created on the cloud in real time.
For Organizations Wishing to Remain With Exchange Server
Maintaining a secure and up-to-date Exchange Server is a fulltime job. The cost in terms of equipment and labor required can easily overwhelm a small business if they chose to manage their mail servers themselves. Managed Service Providers (MSPs) can help offload this responsibility for its clients. Essentially, an MSP becomes a company’s own IT department – but without the associated costs of hiring and training a fulltime in-house IT staff. The maintenance of Exchange Servers and all other computer and networking infrastructure are all part of what an MSP would do for its clients. This allows an organization to enjoy the complete control of their on-premises IT infrastructure, but without the headaches and at a reduced cost compared to having an internal IT staff.