Microsoft Exchange Server Vulnerabilities

March 09, 2021

ADP is aware of the following Microsoft Exchange Server Vulnerabilities:

• CVE-2021-26855
• CVE-2021-26857
• CVE-2021-26858
• CVE-2021-27065

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server. For more details on this incident visit the Microsoft Security Response Center here.

Upon receiving reports regarding these vulnerabilities, ADP’s Global Security Organization began an investigation to determine any potential impacts to our system. At this time, we can confirm that ADP has no internet facing Exchange servers and our infrastructure has been patched according to our urgent patching protocol. None of our systems have been exposed to this vulnerability, and no intrusion has occurred. ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

ADP’s Global Security Organization continues to actively monitor this situation as it does with all reported vulnerabilities. Clients are encouraged to visit ADP’s website at www.adp.com/trust to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP.