On-Premise Microsoft Exchange Server — Zero-Day Vulnerability

“On-Premise” usually refers to keeping physical server(s) within the company. Although many are quick to look to this as the best solution however, it is recommended on exceptional cases only and it is not always the best solution.


– The hardware and data belongs to the business with full control.

– In-house Exchange Server enables simpler integration to external systems that will work with MS Exchange. Examples: File-Smart & Mail-Store, etc.

– Server updates, re-starts, backups and shutdowns can be controlled and conducted at a time convenient to the business.

– Upgrades and Server configuration changes can be applied to the infrastructure at a time that is convenient to the business.

– Complete email archiving together with sophisticated search facilities.

– Public Folders allowing the sharing of one Mailbox to all users.

– Supports ability to configure multi-level and high- level security.


– Hardware maintenance and issues become the responsibility of the business to resolve.

– Large initial investment in Hardware, Software and associated Licensing.

– Server Maintenance requires approximately 2–4 hours per month, more than the cloud solution.

– Additional IT skills will be required to Support the Exchange Server and associated infrastructure.

– Reliability & Uptime of internally hosted Exchange Server is completely dependent on the Exchange Server configuration and the level of investment in infrastructure to successfully host an Exchange Server.

New Vulnerabilities

Microsoft recently contacted partners to alert us of an on-premise Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The vulnerabilities exist in on-premises Exchange Servers 2013, 2016, and 2019. Exchange Online is not affected.

Immediate action recommended by Microsoft to drive remediation steps and they include:

  • Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments you have at your business, are hosting and managing for a customer.

Resources — Exchange patch information

Contact us if you require help with your on-premise Microsoft Exchange server or any other Microsoft Product.

info@gigasecintl.com | 0815 444 2732



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Gigasec Services Limited

We design solutions that enable our clients monitor and control assets and resources in the field from anywhere leveraging on Internet Protocol Technology.