Warning! MS Exchange Users. Approved Critical Update.
Microsoft has issued a warning regarding on-premise Exchange Servers 2010, 2013, 2016, and 2019. Vulnerabilities have been identified and administrators are being urged to apply updates as a matter of urgency. Exchange Online is not affected.
The attacks are being attributed to HAFNIUM, a Chinese nation-state affiliated group who are attacking Microsoft Exchange Server installations using multiple zero-day exploits.
Conformedia, a Microsoft partner, received the alert on the morning of 3rd March. Patches were immediately applied to all clients’ on-premise Exchange servers.
David Rayner, managing director at Conformedia, stresses the urgency to act, “Anyone administering an on-premise Exchange Server must take remedial action and patch their servers. This is a serious and immediate threat to infrastructure and user’s data. Without action your email servers can be compromised, leading to a full data breach, and increasing the threat of further infection from other malware, such as ransomware.
“As soon as Microsoft alerted us to the problem our team got to work, and I am pleased to say that all our clients received the patch the same day. Our clients who subscribe to ConnectWise Automate received this automatically, others had the patch applied manually by the team.”
Please call the team at Conformedia if you need assistance.
Microsoft have released a script to test for evidence of attack: https://github.com/microsoft/CSS-Exchange/tree/main/Security
Further information is published in a Microsoft tech note: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers.