Incident: Last week Microsoft and DHS CISA reported that a previously unknown vulnerability in on-premises, self-hosted Microsoft Exchange Servers was being exploited by government-sponsored espionage hackers, dubbed Hafnium. The attacks gave the attackers not only inbox access but also the ability to steal mailbox contents.
Within days of the announcement, attackers worldwide began scanning for exposed Microsoft Exchange servers, and the online cyber intelligence service Shodan.io published thousands of potential victims.
The text and link below provide guidance on how to remediate this urgent vulnerability for:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
*NOTE* Microsoft Exchange Online Products are NOT affected
Corrective Action: Apply the Microsoft patch to Exchange Server immediately. Click below to download.
Apply the patches shown above. Instructions for applying patches are available from Microsoft here. Patching of Exchange servers should be done only by qualified IT personnel, experienced in MS Exchange.
In all cases, MS Exchange should not be publicly accessible. Utilize a Firewall or Unified Threat Management system in front of Exchange to isolate Exchange from prying outside eyes.
Any company with a hosted Exchange system should be under active, 24x7 monitoring for indicators of attack. Access to the Exchange server and Outlook Web Access should be monitored by a Security Operations Center to thwart threats. If your company does not have its own 24x7 Security Operations Center, Global Guardian can help.
Standing by to Support
As always, we stand by to support. If you have any questions about your or your company’s risk level and would like to discuss further, please contact our 24/7 Operations Center by clicking below or reach out to your Virtual CISO directly.