Security Advisory Notice - Microsoft Exchange

Summary

Our Hackbusters team have issued this advisory bulletin from Microsoft regarding a critical vulnerability affecting Microsoft Exchange Servers. The exploit named 'Hafnium' initially targeted entities in the United States for the purpose of exfiltrating information from a number of industry sectors but is now spreading globally. While Hafnium is based in China, it conducts its operations primarily from leased Virtual Private Servers (VPS) in the United States.


Scope

The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority are servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority are servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). As of 9 March 2021, it has been estimated that 250,000 servers had already fallen victim to the attacks. This includes servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority and the Norwegian Parliament.

Note: If you are within a 100% cloud solution such as Office 365/Microsoft 365 environment, then this vulnerability may not affect you.

Actions

To protect your organization, Microsoft recommends organizations install the latest security patch as soon as possible.


Patch Links:

  1. March 2, 2021 Security Update Release - Release Notes - Security Update Guide - Microsoft

  2. CVE-2021-26412

  3. CVE-2021-26854

  4. CVE-2021-26855

  5. CVE-2021-26857

  6. CVE-2021-26858

  7. CVE-2021-27065

  8. CVE-2021-27078


We recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise Microsoft shared here.

Cyberboxx policyholders affected by this vulnerability and need help from the Hackbusters team to address the mitigation actions, please contact your BOXX representative for assistance.

For additional information, please refer to the following resources:

As always, we will continue to be vigilant in monitoring for the latest cyber threats and vulnerabilities.



For more information, please feel free to contact the following:


Vishal Kundi: vishal.kundi@boxxinsurance.com

Michelle Diniz: michelle.diniz@boxxinsurance.com

Chris Masaki: chris.masaki@boxxinsurance.com

Mike Senechal: mike.senechal@boxxinsurance.com

1,147 views

Related Posts

See All