If your one of the many networks that are still running an on-premise Exchange server you need to read this post or show it to the people responsible for your Exchange infrastructure about new Critical Exchange Server Vulnerabilities which have been revewaled.
Microsoft have identified, with the help of security researchers, several security vulnerabilities with Microsoft Exchange server which affects versions 2010 through to 2019.
The vulnerability affects a bad actor getting access to the server using an exploit within the OWA Secure Socket Layers( SSL) data transfer.
The exploit allows potential access to the server and onward network. These exploits are also categorised as O-Day exploits.
These exploits do not affect Microsoft Hosted Exchange and Office 365.
Microsoft have also explained that these at attack vectors have been used by Chinese state sponsored groups to target western targets.
Which also details mitigation’s which can be made. As ever, the best way of preventing these things so far as you can, is by keeping your systems up to date is critical in these uncertain times.
If you do still use on-premise exchange please get in touch and ask about an exchange health check. Also consider migrating to Office 365.