Microsoft recently announced the discovery of a critical vulnerability in its Exchange Server products: attackers of any sophistication level can easily exploit these flaws. Microsoft has urged companies that use on-premise Exchange servers or have servers with “OWA” websites available to the internet for any reason to apply these fixes as soon as possible, as well as review their networks for any indicators of compromise (IOCs).
Owing to variations in how email is hosted, this exploit does not exist for organizations that have moved to Microsoft 365. Since the majority of our clients use Microsoft 365, only a handful of Sentryon IT's clients have been affected by this vulnerability.