Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.
The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Affected Exchange version are Microsoft Exchange Server 2013, Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019. Exchange Online is not affected.
Microsoft released security updates to address these vulnerabilities and strongly urge customers to update on-premises systems immediately.
Security updates are available for the following specific versions of Exchange:
- Exchange Server 2010 (RU 31 for Service Pack 3)
- Exchange Server 2013 (CU 23)
- Exchange Server 2016 (CU 19, CU 18)
- Exchange Server 2019 (CU 8, CU 7)
Matsco Solutions are currently evaluating the security updates and will be reaching out to clients running the affected Exchange system to schedule updates to their environments.
For more information please refer to:
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Multiple Security Updates Released for Exchange Server
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
Or feel free to contact us on the details below:
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090
Share this Post