SMBs need to take immediate action on Microsoft Exchange vulnerabilities

SMBs need to take immediate action on Microsoft Exchange vulnerabilities
Christopher Budd, 8 March 2021

The Microsoft Exchange patches have led to exploitation of major vulnerabilities. What all small and medium sized businesses (SMBs) need to do immediately.



There’s been a lot in the news recently about a new series of vulnerabilities affecting Microsoft Exchange and attacks against those vulnerabilities. According to security writer Brian Krebs, over 30,000 organizations in the United States -- and possibly hundreds of thousands of organizations globally -- have been compromised by attacks against these vulnerabilities.
This is a situation that can disproportionately affect small and medium sized businesses (SMBs) and other smaller organizations, like state and local governments.
This blog post is meant to help those organizations better understand the situation and what they need to do. There’s a lot of information out there, but it’s mainly by security teams for other security teams and so it may not be clear what’s going on and what you need to do, if anything.
Does this affect you?The first thing to do is determine if this even applies to you.
The vulnerabilities in question only affect Microsoft Exchange email servers. This means that if your business or organization doesn’t use Microsoft Exchange at all, you’re not affected and don’t have to worry about it (and you can stop reading this). For example, if your organization uses Google GSuite for email, you’re not affected.
If you do use Microsoft Exchange, the next question is: Do you have actual servers hosting Exchange or are you using Microsoft’s cloud-offering of Exchange through Office365?If you use Office365, you don’t have to worry: Microsoft has ..