You may have seen reports of "zero-day" vulnerabilities discovered in Microsoft Exchange. These vulnerabilities have been exploited to gain access to the email and networks of some Exchange Server users. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive following the release of fixes for these vulnerabilities.

Affinity is aware of these vulnerabilities and is responding accordingly where relevant across our client base. Here is what you need to know:

• Microsoft 365 Exchange Online has not been affected. These vulnerabilities only impact Microsoft Exchange Server. So, your company is only impacted if you (or a third-party hosting company) are using an on-premise version of Microsoft Exchange Server.

• If your company uses Microsoft Exchange Server, rest assured that Affinity is applying the appropriate patches to maintain your company's security.

Unfortunately, Zero-Day vulnerabilities are a part of life in the current, ever-evolving security landscape. The key is remaining vigilant, and acting quickly and appropriately when they occur. Affinity’s Security Team is constantly monitoring for new vulnerabilities, and poised to act to close them when they arise.