Connect with us

Hi, what are you looking for?


Risk Management

Microsoft Exchange Server 2013 Reaches End of Support

Microsoft Exchange Server 2013 has reached end of support on April 11, 2023, and will no longer receive security patches.

Microsoft Exchange Server 2013 has reached end of support on April 11, 2023, and will no longer receive security patches.

The product will continue to work even after this date, but Microsoft is no longer providing technical support, bug fixes for usability and stability issues, time zone updates, and, importantly, fixes for vulnerabilities that could expose servers to hacker attacks.

Microsoft reminded users in February about Exchange Server 2013 approaching end of support, advising them to migrate to Exchange 2019 or Exchange Online (Microsoft 365 or Office 365). 

The tech giant has provided detailed instructions for users who have yet to migrate. The company has made no mention about extended support being available. 

It’s important that organizations stop using Exchange 2013 considering that the product has often been targeted in attacks, including by profit-driven cybercriminals and state-sponsored threat actors

“Attackers looking to exploit unpatched Exchange servers are not going to go away,” Microsoft warned in January. 

The US Cybersecurity and Infrastructure Security Agency (CISA) is currently aware of 16 Microsoft Exchange vulnerabilities that have been exploited in the wild. The list includes the flaws tracked as ProxyShell and ProxyNotShell.

Advertisement. Scroll to continue reading.

A variation of ProxyNotShell was exploited in the ransomware attack targeting cloud company Rackspace. 

Despite warnings and high-profile incidents, many organizations fail to install patches, providing attackers with tens of thousands of potential targets to choose from. 

Exchange Server 2013 reached end of support three months after Windows 7 Extended Security Updates (ESU) and Windows 8.1 reached their end of support dates.

Related: Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

Related: Microsoft Urges Customers to Patch Exchange Servers

Related: Microsoft Confirms Exploitation of Two Exchange Server Zero-Days

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...