The issue is being tracked as CVE-2021-42321 and impacts both Exchange Server 2016 and 2019.
Even worse is that Microsoft reports that this issue has been found being exploited in the wild. It is important to note that the security flaw only impacts “on-premises” Exchange Servers including those in Exchange Hybrid mode. So if you use Exchange Online you are not at risk.
It has been a tough year for Microsoft Exchange Server.
Beginning in March of this year (2021) the company faced a massive wave of attacks that were apparently launched by a number of state-backed threat actors. This first wave relied on ProxyLogon exploits and where they were successful they deployed cryptominers, ransomware, web shells, and other malware strains. They infected as many targets as they could reach.
A bit later in July a new wave of attacks began targeting the US EU and the UK. Ultimately the blame for these attacks was laid at the feet of China. These attacks relied heavily on Windows PetitPotam exploits and sought to deploy LockFile ransomware on infected systems.
Exchange Server Admins have been feeling the heat this year. The good news is that the wave attacks mentioned above seem to have abated and there’s a fix available for the most recently discovered issue.
If you run an Exchange Server either on-site or in Hybrid Mode save yourself some time and headaches by downloading and installing the latest patch as soon as possible. There’s no need to make more work for yourself than is necessary and you certainly want to do all you can to minimize your risk.