Security Advisory Notice - Microsoft Exchange

Summary

Our Hackbusters team has issued this advisory bulletin from Microsoft regarding a critical vulnerability affecting Microsoft Exchange Servers. The attacker group named 'Hafnium' initially targeted entities in the United States for the purpose of exfiltrating information from a number of industry sectors, but the attacks are now spreading globally. While Hafnium is based in China, it conducts its operations primarily from leased Virtual Private Servers (VPS) in the United States.


Scope

The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority is servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). As of 9 March 2021, it has been estimated that 250,000 servers had already fallen victim to the attacks. This includes servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority and the Norwegian Parliament.

Note: If you are within a 100% cloud solution such as an Office 365/Microsoft 365 environment, then this vulnerability may not affect you.

Actions

To protect your organization, Microsoft recommends organizations install the latest security patch as soon as possible.


Patch Links:

  1. March 2, 2021 Security Update Release - Release Notes - Security Update Guide - Microsoft

  2. CVE-2021-26412

  3. CVE-2021-26854

  4. CVE-2021-26855

  5. CVE-2021-26857

  6. CVE-2021-26858

  7. CVE-2021-27065

  8. CVE-2021-27078


We recommend that your security team use the Indicators of Compromise Microsoft shared here to assess whether or not the vulnerabilities were being exploited.

Cyberboxx policyholders who are affected by this vulnerability and need help from the Hackbusters team to address the mitigation actions should contact their BOXX representative for assistance.

For additional information, please refer to the following resources:

As always, we will continue to be vigilant in monitoring for the latest cyber threats and vulnerabilities.



For more information, please feel free to contact the following:


Vishal Kundi: vishal.kundi@boxxinsurance.com

Michelle Diniz: michelle.diniz@boxxinsurance.com

Chris Masaki: chris.masaki@boxxinsurance.com

Mike Senechal: mike.senechal@boxxinsurance.com

© 2021 BOXX Insurance. All rights reserved. Cyberboxx is a product and brand name provided by the underwriting division of BOXX Insurance Inc. “Think Inside the Boxx” and “Outsmarting Cyber Risk Together” are trademarks of BOXX Insurance Inc.