The guidance states admins should treat on-prem Exchange servers as being "under imminent threat," and itemizes key practices for admins:

- First, it notes, "the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)."
- It points out that Microsoft Exchange Server Subscription Edition (SE) is the sole supported on-premises version of Exchange, since Microsoft ended support for previous versions on October 14, 2025.
- It urges admins to ensure Microsoft's Emergency Mitigation Service remains enabled for delivery of interim mitigations.
- Maintaining a security baseline enables administrators to identify non-conforming systems and those with incorrect security configurations, as well as allowing them to perform rapid remediation that reduces the attack surface available to an adversary.

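One way to check the build and Emergency Mitigation practices across an organization, as an added example that is not part of the guidance or Microsoft's own tooling. It assumes the Exchange Management Shell; the function name `Test-ExchangeBaseline` and its `-MinimumBuild` parameter are hypothetical, and the build value must be supplied from Microsoft's published Exchange build numbers.

```powershell
# Added example (hypothetical helper): flag Exchange servers that fall outside
# a simple baseline of "current build" and "Emergency Mitigation enabled".
function Test-ExchangeBaseline {
    param(
        # Placeholder: the four-part build of the latest CU/SU, taken from
        # Microsoft's published build list, e.g. '<major>.<minor>.<build>.<rev>'.
        [Parameter(Mandatory)]
        [version]$MinimumBuild
    )

    # Organization-wide switch for the Emergency Mitigation Service.
    $orgEnabled = [bool](Get-OrganizationConfig).MitigationsEnabled

    Get-ExchangeServer | ForEach-Object {
        $server = $_

        # AdminDisplayVersion renders as "Version 15.2 (Build 1234.5)";
        # parse the string so this also works over remote PowerShell.
        $build = $null
        if ("$($server.AdminDisplayVersion)" -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
            $build = [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
        }

        # An unparseable version is treated as non-conforming, not skipped.
        $buildCurrent  = ($null -ne $build) -and ($build -ge $MinimumBuild)
        $serverEnabled = [bool]$server.MitigationsEnabled

        [pscustomobject]@{
            Server                   = $server.Name
            Build                    = $build
            BuildCurrent             = $buildCurrent
            OrgMitigationsEnabled    = $orgEnabled
            ServerMitigationsEnabled = $serverEnabled
            MitigationsApplied       = ($server.MitigationsApplied -join ', ')
            MitigationsBlocked       = ($server.MitigationsBlocked -join ', ')
            Conforms                 = $buildCurrent -and $orgEnabled -and $serverEnabled
        }
    }
}

# List only the servers that need attention:
# Test-ExchangeBaseline -MinimumBuild '<latest build>' | Where-Object { -not $_.Conforms }
```

A non-empty `MitigationsBlocked` value is worth reviewing too, since a blocked mitigation will not be applied even when the service is enabled.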
In July, Microsoft fixed a flaw in its file sharing service SharePoint that was already being exploited by attackers. Later that month, Microsoft warned that hackers were making use of the zero-day to distribute ransomware, adding even more risk to the serious vulnerability. The SharePoint flaw is just one example of attackers becoming faster at exploiting vulnerabilities before they can be properly addressed by vendors and patched by organizations.