Friday 12 March 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes. Exchange Online is not affected.
What you need to know:
A new ransomware called DearCry is deployed by threat actors after they hack into Microsoft Exchange Servers using the recently announced ProxyLogon zero days (CVE-2021-26855, CVE-2021-26857, CVE-2021-26578, CVE-2021-27065).