Urgent Microsoft Exchange Vulnerability
ssnaugher | Posted on |

Urgent Microsoft Exchange Vulnerability
Where is the threat coming from?
At this point in time, Microsoft has identified the group – Hafnium as responsible for the threat and attack. It is believed that Hafnium is a state-sponsored threat actor based out of China.
How is it spread?
It is believed the threat is spread through 4 separate vulnerabilities in Microsoft Exchange Server. If a server has open connectivity to the Internet through port 443, which is very common, the attackers can take advantage of the vulnerability to gain access to email and data to exfiltrate the information.
How serious is the threat?
The threat is extremely serious in that it allows the attacker to not only get access to the data but also execute commands on the affected servers and related network. The most significant issue is that most if not all security is not able to detect and prevent this threat as of yet. Some cybersecurity firms have estimated that over 25% of the systems they have investigated have been affected by the vulnerability.How do you protect your environment?
It is advised to immediately download and apply the recommended emergency patches from Microsoft. More information on this particular vulnerability can be found on the Microsoft blog located at –
https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/
If you have any questions or need assistance applying these emergency patches –
please call us at 417-334-0494
Our Past Posts

The final curtain call for Windows 10: What you need to know
Microsoft has announced there will be no new feature updates for Windows 10 so maybe it’s time to upgrade to Windows 11. We’ll help you make up your mind.

Windows 11 optional update: Why it’s better to wait
Microsoft has just announced an option for people to trial new features before their general release in Windows 11. This isn’t about fixes to security flaws – everyone gets those at the same time. This is an opportunity for businesses to jump the queue to receive new features and updates first. Sound exciting? Yes! Worth the risk? Not quite. Our …

Can your business go green by switching to the cloud?
Cloud computing has quickly become a popular option for businesses that want to streamline their operations, reduce costs, and become more flexible. But are you swayed by the idea that cloud services are automatically better for the environment? Could the need to do your bit ‘cloud’ your decision-making? Sorry. Bad pun. It’s true that cloud services have environmental benefits compared …

Charging in public places? Watch out for “juice jacking”
Airports, hotels, cafés, even shopping malls, offer public charging points where you can boost your phone or laptop battery on the go. They’ve been in the news after the FBI recently tweeted advice to stop using them. Crooks have figured out how to hijack USB ports to install malware and monitoring software onto devices as they charge. The security risk …

LinkedIn takes action to tackle fake accounts
LinkedIn is introducing new verification features over the coming months to help tackle fake accounts.

Microsoft hints at some exciting Windows 12 developments
Windows 11 still feels like a new toy, yet we’ve already heard speculation about Windows 12 arriving as soon as next year. It’s all we can think about!