New York State Department Of Financial Services Issues Cybersecurity Alert To Regulated Entities Concerning Microsoft Exchange Email Servers Date 09/03/2021 The New York State Department of Financial Services (“DFS”) today issued the following industry letter to all of its regulated entities following the recent discovery of cybersecurity vulnerabilities in Microsoft Exchange Server. To: Chief Executive Officers, Chief Information Officers, Chief Information Security Officers, Senior Information Officers, and Data Privacy Officers of all Regulated Entities From: Cybersecurity Division, Department of Financial Services Re: Microsoft Reports Exploitation of Four Vulnerabilities in Microsoft Exchange Server Date: March 9, 2021 In recent days, thousands of organizations were compromised via zero-day vulnerabilities in Microsoft Exchange Server. On March 2, 2021, Microsoft made patches available for these vulnerabilities but many organizations were compromised either before the patches were available or before the patches were applied.