On March 2, 2021, Microsoft released a number of security updates to address recently exposed vulnerabilities in Exchange Server.
Microsoft announced that the four vulnerabilities have been used as part of a limited, targeted attack chain, in which email communications were infected with malware that enables long-term access to the victims’ networks. Flaws in Exchange Server were exploited to gain initial access.
Microsoft advises that customers apply the system updates immediately in order to plug these security holes. While Exchange Online, the cloud-based version of the service, has not been affected, patches have been released to fix security issues in on-premises versions, including Microsoft Exchange Server 2013, 2016, and 2019.
At Umbrella, we have taken rapid action to protect our clients by applying the recommended patches.
The attacks have been attributed to China’s state-sponsored cyber espionage group “HAFNIUM”. The group is known to exploit vulnerabilities in internet-facing servers to exfiltrate data from the US.
According to Microsoft, “HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”
While updates to Microsoft Exchange Server should be applied immediately, Microsoft states that users can also protect themselves from this type of attack by restricting untrusted connections or by setting up a VPN to separate the server from external access.