A new threat targeting Microsoft Exchange Server leaves a decade’s worth of software releases vulnerable to high-profile attacks.
Microsoft has released patches to address four vulnerabilities in Exchange Server that are being used in these targeted attacks.
Because the flaws are rated critical, Microsoft is urging customers to apply the patches as soon as possible. The vulnerabilities exist in on-premises Exchange Server 2010, 2013, 2016, and 2019. Exchange Online is not affected.
What is the Threat?
According to the Microsoft Threat Intelligence Center, a state-sponsored threat actor known as Hafnium has been exploiting four zero-day vulnerabilities in the on-premises versions of Microsoft Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The group is believed to be targeting a wide range of high-profile organizations, including medical research facilities, government contractors, law firms, and universities, and is using the vulnerabilities to steal the full contents of user mailboxes.
The nature of this attack makes it easy for infiltrators to gain access to sensitive information by bypassing certain forms of authentication. Depending on the Exchange Server configuration, all an attacker needs to know to successfully execute the exploit is the server’s qualified domain name and the email address of the individual being targeted.
Security experts believe that approximately 30,000 Exchange customers have been affected by the security hole, with the attacks likely having occurred between February 26 and March 3. While the entire scope of the attack is still being determined, organizations that do not take steps to patch this vulnerability will remain susceptible to intellectual property theft, malware installation, and other critical security risks.
How does this affect me and what should I do about it?
Zero-day attacks take advantage of undisclosed software vulnerabilities, which stay open until a patch or update plugs the hole. It’s therefore imperative for any organization running Exchange Server 2010, 2013, 2016, or 2019 to apply the necessary patches immediately to protect against future attacks.
Microsoft has urged all Exchange Server customers to install its newly released security updates, which address the vulnerabilities exploited by Hafnium. For IT administrators working with Exchange Server, Microsoft has also released a script that can quickly check the security status of an organization’s server.
The Hafnium attacks underscore the need for all organizations to stay vigilant in maintaining up-to-date security definitions. Although the recent attacks appear to have focused on a variety of high-profile targets, the threat remains in place for any company running any version of Exchange Server dating back to 2010. By neglecting to install new patches and updates as quickly as possible, any company can remain vulnerable to having critical information stolen or compromised, jeopardizing customer and business interests alike.
For more information on how to secure your on-premises Exchange Server installation, or if your company would like to schedule a free network security assessment, contact DWD Technology Group today.