Community Alert: New Microsoft Exchange Vulnerability

A new remote code execution vulnerability is affecting on-premises Microsoft Exchange Servers 2013, 2016 and 2019 and servers in Exchange Hybrid Mode. The identified vulnerability is a Remote Code Execution (RCE) vulnerability which, when exploited, allows an attacker to execute commands remotely on a targeted system to gain privileged access, deploy malware, move laterally to additional systems, and more. This is ranked as a high-severity vulnerability and hackers are targeting unpatched Exchange servers in the wild. LMG urges all organizations to immediately patch, then check and determine whether your organization has been impacted by this vulnerability. Read our advisory for more information and advice on next steps.