
HAFNIUM Zero-Day On-premise Exchange Server Attack

What is it?

 
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed the installation of additional malware to facilitate long-term access to victim environments.
 

What is the Impact?

 
There are reports that as many as 30,000 organisations have been compromised in an unprecedented email server hack, and we expect this figure to keep growing. The attack is believed to have originated from a state-sponsored Chinese hacking group known as Hafnium.

 

The impact can be fatal, as the hack can grant SYSTEM-level access to your Exchange Server.

 

Are my systems vulnerable?

 
The Microsoft Exchange Server team has published a blog post on these new Security Updates providing a script to get a quick inventory of the patch-level status of on-premises Exchange servers and answer some basic questions around the installation of these patches.
 

How do I mitigate this threat?

 
The Exchange Server team has created a script to run a check for HAFNIUM IOCs to address performance and memory concerns. That script is available here: https://github.com/microsoft/CSS-Exchange/tree/main/Security.
 
