Microsoft Exchange Server 2013 has reached end of support on April 11, 2023, and will no longer receive security patches. The product will still work, but Microsoft is no longer providing technical support, bug fixes, and time zone updates. Furthermore, there will be no fixes for vulnerabilities that could be exploited by hackers. Microsoft has provided detailed instructions for users who have yet to migrate and have made no mention of extended support for the platform.
Considering Exchange 2013 has been targeted in attacks, including by profit-driven cybercriminals and state-sponsored threat actors, it is important that organizations stop using it. Microsoft warned in January that attackers will continue to exploit unpatched Exchange servers. The US Cybersecurity and Infrastructure Security Agency (CISA) is currently aware of 16 Microsoft Exchange vulnerabilities that have been exploited in the wild.
Despite warnings and high-profile incidents, many organizations fail to install patches, providing attackers with tens of thousands of potential targets to choose from. Exchange Server 2013 reached end of support three months after Windows 7 Extended Security Updates (ESU) and Windows 8.1 reached their end of support dates.
Organizations are advised to migrate to Exchange 2019 or Exchange Online (Microsoft 365 or Office 365) as soon as possible to ensure their system stays secure and up to date. It is important to keep track of end of support dates for all systems and software, and to plan and prepare for the necessary migrations.
Key Points:
- Microsoft Exchange Server 2013 has reached end of support and will no longer receive security patches.
- Organizations are advised to migrate to Exchange 2019 or Exchange Online (Microsoft 365 or Office 365).
- Exchange 2013 has been targeted in attacks by profit-driven cybercriminals and state-sponsored threat actors.
- Many organizations fail to install patches, providing attackers with tens of thousands of potential targets.
- It is important to keep track of end of support dates for all systems and software.