What to know about HAFNIUM Targeting Exchange Servers with 0-day exploits

Exchange Server On-Premises
Cornerstone.IT Gold Microsoft Partner
Connect with us at
www.Cornerstone.IT/contact for the latest updates.

Ask us how we can help secure your environment with the top 10-12 security enhancements every firm should have.  #ITCornerView

Issue/Vulnerability

On March 2, 2021, Microsoft released patches for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group.


Scope

The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.


Remediation/Action Plan

We recommend that you help drive immediate remediation steps.  For on-premises Exchange Servers, we ask that you direct your teams to start immediate action to assess your Exchange infrastructure and patch vulnerable servers, with the first priority being servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).  To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.  You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release). Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010). 


Additional Resources


Avoid business continuity disruption by including Windows 10 upgrade in your 2021 budget.  Cornerstone.IT is a Microsoft Gold partner with a history of successful Windows upgrades.

#ITBudgetPlanning #LegalIT #ITCornerView

Cornerstone.IT graphic
Cornerstone.IT