Microsoft Reports Zero-Day Exploits
On March 2nd, 2021, Microsoft released details on a threat actor utilizing zero-day exploits in on-premises Exchange servers 2013, 2016, and 2019. These zero-day exploits have been attributed to an international actor known as HAFNIUM. HAFNIUM is a highly skilled and sophisticated actor based out of China that primarily targets companies in the United States, from law firms to non-profits, with the explicit purpose of exfiltrating data. For companies running any of the above versions of Microsoft Exchange, Microsoft suggests prioritizing updating your servers to the newest versions and has offered a shell script to scan for any signs of the exploits.
What does this mean?
If you are running an on-premises version of Microsoft Outlook Server, it is always good practice to keep your server up to date. This is especially true right now if you are running Microsoft Exchange Server 2013, 2016, or 2019. In the links above you will find information on the security update that Microsoft has put out. This update patches the zero-day exploit that caused this issue and will be available for any Microsoft Exchange Server currently operating. Additionally, Microsoft has provided a script you can run on your server that will check whether you have already been damaged by the HAFNIUM exploit. These exploits can happen at any time to anyone, so it is crucial that you keep your servers, and even individual systems, as up to date as possible.
This is an ongoing story and JLGOV will add information to this page as it is provided.
Related:
CVE-2021-26855
CVE-2021-26857
CVE-2021-26858
CVE-2021-27065
Full Breakdown of What Microsoft Knows and Steps They Have Taken
About The Author
Randy Rice is a lifelong tech enthusiast with experience in company security compliance assessments. He has been with JLGOV since 2019.