Once again, those cunning cybercriminals have figured out a way to access your system if you are using an ON-PREMISES Microsoft Exchange Server.
On March 2, 2021, Microsoft started urging users to download software patches for the four vulnerabilities that were discovered in what they call the HAFNIUM Zero-Day Hack. Microsoft released immediate patches that day, and the following day the DHS Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-02, mandating federal agencies to comply by noon, EST, today (March 5).
If you’re using Exchange Online, you have no worries. It is not affected. Only the following on-site Exchange Servers are at risk:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
To prevent any future damage, move your email from the on-premises server to Microsoft Exchange Online.
So What is the HAFNIUM Zero-Day Hack?
According to Microsoft, which gave HAFNIUM its name, the hacker is linked to China and is “a highly skilled and sophisticated actor.” The hack finds vulnerabilities on the server and allows the hackers to:
- Get into the server by having previously stolen or cracked credentials of users.
- Insert malware into the server and get remote access to it.
- Extract data or commands to suit the hackers’ purposes.
Microsoft said “We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately.”
Protect Your Business TODAY
If you don’t use an on-site Microsoft Exchange Server, no worries. But if you do, download and install the necessary patches immediately, prioritizing any external-facing servers first. If you are an Internos Group client, don’t worry: we’re taking care of this for you.
Here is the link to those patches: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
Future Zero-Day Vulnerabilities Are Preventable
Zero-day refers to any attack that exploits a previously unknown vulnerability. Hackers will have access until that vulnerability is patched. This is one of the many, many reasons why it’s critical to keep all your systems up to date with the latest patches and updates.
If you have an on-premises server, your best protection from future zero-day attacks is to migrate to the cloud. Microsoft Exchange Online was not impacted by the HAFNIUM attack and is the cloud platform for Microsoft 365.