Update August 25, 2021:
Microsoft strongly recommends that you update your servers with the most recent security updates available.
- CVE-2021-34473 (ProxyShell)
- CVE-2021-34523 (ProxyShell)
- CVE-2021-33766
Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release updates and provide the latest protection to our customers. Update Tuesday is a monthly cycle when Microsoft releases patches for vulnerabilities that we have found proactively or that have been disclosed to us through our security partnerships under a coordinated vulnerability disclosure. As a best practice, we encourage customers to turn on automatic updates.
Recent events have shown, security hygiene and patch management are more important than ever as the industry works to protect from both sophisticated and common cybercriminal activity. First and foremost, it is really important that our customers are on the latest version of software with up-to-date security updates. Microsoft is committed to supporting our customers and we urge customers to make every effort to update their software to the latest supported version and install security updates as soon as possible to help protect from today’s dynamic threat landscape. It is common for attackers to shift their efforts to exploit recently disclosed vulnerabilities before the latest updates or patches are installed, which is why it is so important that customers always install the most recent updates.
This month’s release includes a number of critical vulnerabilities that we recommend you immediately install, including updates that protect against new vulnerabilities in on-premises Exchange servers. These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen these vulnerabilities used in attacks against our customers. However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats. Customers using Exchange Online are already protected and do not need to take any action. More information on installing these updates is available in our Exchange Team blog.
More details on all of this month’s updates can be found in the Security Update Guide.
Security is a journey that evolves with changes in the threat landscape. We remain committed with our partners in the security community to build resiliency as a global community through regular updates and security best practices such as our Zero Trust approach, layered defense in depth, and assume breach philosophy, which are all proven to reduce the effects of an attack. We encourage others to do the same. More information on best practice can be found in the following resources:
MSRC Team