Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.
Microsoft said that the hacking group known as Hafnium used the four newly discovered security vulnerabilities to break into Exchange email servers running on company networks. Since that first discovery, further hacking groups have begun exploiting the vulnerabilities. Widespread exploitation of these Microsoft Exchange vulnerabilities has already been detected, and they are being used to steal e-mails and compromise networks.
Who is affected?
The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes.
Exchange Online (also known as Microsoft 365) is not affected. If you use a different (non-Microsoft) provider for hosted Exchange, please verify with them whether your hosted Exchange is at risk and whether it has been adversely affected.
Microsoft has released emergency out-of-band security updates for most Microsoft Exchange versions that fix four newly detected vulnerabilities actively exploited in targeted attacks. You can get the standalone update package through the Microsoft Download Center.
Updates are available via this link: Updates
We strongly urge customers to update on-premises Exchange systems immediately.
If you have concerns about your Exchange environment and need assistance upgrading your email system to Microsoft Office 365, please contact our friendly team today for an obligation-free systems assessment.