Exchange Servers Under Attack

The Microsoft Threat Intelligence Center (MSFIC) has detected multiple cyberattacks on on-premises versions of the Microsoft Exchange Server. The threat actor known as Hafnium originates from China but operates within the US. The cloud Exchange Servers are not vulnerable to this attack.

The on-premise servers affected are:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

We are advising all our partners who run on-prem Exchange Server software for their customers to ensure that you are taking all the necessary corrective action. The security updates are available from Microsoft, here.

Our recommendation is to take the servers offline, patch your Exchange environments immediately to protect you and your end clients against these attacks. Then check for indicators of compromise. For more details on this, please go here.

If you need assistance getting your Exchange server patched, please reach out to us at 720-799-1443 or via email at

Questions about our products or services?
Email us or call 1 (720) 799-1443


Microsoft and Sherweb