The Microsoft Threat Intelligence Center (MSTIC) has detected multiple cyberattacks on on-premises versions of Microsoft Exchange Server. The threat actor known as Hafnium originates from China but operates within the US. The cloud Exchange Servers are not vulnerable to this attack.
The affected on-premises servers are:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
We are advising all our partners who run on-prem Exchange Server software for their customers to ensure that they are taking all the necessary corrective action. The security updates are available from Microsoft, here.
Our recommendation is to take the servers offline and patch your Exchange environments immediately to protect you and your end clients against these attacks. Then check for indicators of compromise. For more details on this, please go here.
If you need assistance getting your Exchange server patched, please reach out to us at 720-799-1443 or via email at firstname.lastname@example.org.
Microsoft and Sherweb