Situational Report on Microsoft Exchange Vulnerabilities

Back to all publications

Publication date:March 19, 2021

This ENISA situation report provides an assessment as well as advice and mitigation measures for the MS Exchange vulnerabilities. The threat for the new updates has been assessed as severe and ENISA considers attacks probable and of high risk. The Agency calls on organisations using affected Microsoft Exchange versions to patch the flaws immediately and thoroughly investigate for potential signs of compromise. MS Exchange vulnerabilities once exploited may lead to network compromise, data exfiltration and ransomware attacks. Across the EU, an increasing number of MS Exchange installations have also been found to be the target of malicious attacks.