WorkSmart is aware of the vulnerabilities being used to attack on-premise versions of Microsoft Exchange Server. We have confirmed that our clients using Exchange have the updated security patches already installed, and thus are protected. WorkSmart does not use the on-premise version of Microsoft Exchange. Microsoft confirmed that Exchange Online, the hosted email service provided by Microsoft 365, is not affected.
Taking advantage of flaws in the software, cybercriminals use unpatched Exchange servers to gain entry to networks. They can get access to email accounts and, in some cases, leads to ransomware infections.
- The attacks are not limited, as there are multiple actors targeting unpatched email servers.
- It is estimated that more than 60,000 organizations have been affected, including government institutions, large corporations, and small businesses.
To protect against these exploits, Microsoft urges all organizations with Exchange to apply the security fixes, or patches, immediately. These are available for download from the Microsoft Download Center.