This is intended only as a temporary measure to help you protect vulnerable machines right now. The availability of these updates does not mean that you don't have to keep your environment current. Here's how the Exchange team expressed that sentiment: IT pros still need to keep Exchange Server current with the latest cumulative updates. These patches from the Microsoft Download Center are deemed to be just a temporary measure to quickly patch Exchange Server implementations. However, IT pros will have to download them from the Microsoft Download Center first before applying them - they are not arriving automatically via the Microsoft Update service. In an unusual and merciful step, Microsoft's Exchange team described the availability of patches for the zero-day flaws that don't require having the latest cumulative updates installed on Exchange Servers.
Microsoft had released four out-of-band security patches last week to address zero-day vulnerabilities under active exploit by a nation-state actor, dubbed "Hafnium." However, those security updates for Exchange Server 2019, 2016, 20 products require having the latest cumulative updates installed first, before applying these new zero-day fixes. Microsoft's Exchange team on Monday announced additional help for organizations having trouble trying to patch Exchange Server products quickly in response to the Hafnium attacks.
0 kommentar(er)
