HAFNIUM Zero-Day On-premise Exchange Server Attack
Wizard Cyber has produced the below information sheet to get you updated with what you need to know and what to do to protect yourself against this threat.
What is it?
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed the installation of additional malware to facilitate long-term access to victim environments.
What is the Impact?
There are reports as many as 30,000 organisations have been compromised and we expect this figure to keep growing in an unprecedented email server hack, believed to have originated from a state-sponsored Chinese hacking group known as Hafnium.
The impact can be fatal as the hack can grant SYSTEM level access to your Exchange Server.
Are my systems vulnerable?
The Microsoft Exchange Server team has published a blog post on these new Security Updates providing a script to get a quick inventory of the patch-level status of on-premises Exchange servers and answer some basic questions around the installation of these patches.
How do I mitigate this threat?
The Exchange Server team has created a script to run a check for HAFNIUM IOCs to address performance and memory concerns. That script is available here: https://github.com/microsoft/CSS-Exchange/tree/main/Security.
Let's talk about your requirements
Loading
