We use cookies to improve your experience and optimize user-friendliness. Read our cookie policy for more information on the cookies we use and how to delete or block them. To continue browsing our site, please click accept.

Microsoft Exchange Server Attacks – What You Need to Do Now

Microsoft releases patches for multiple Microsoft Exchange vulnerabilities used to steal email and compromise networks.

This week Microsoft shared news of a newly identified state-sponsored threat actor (named by Microsoft as Hafnium) operating from China, targeting entities in the United States to exfiltrate information from various organizations across all industries. The highly skilled threat actor was exploiting four previously unknown flaws in on-premises Exchange Server software. The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.  Exchange Online and Office 365 are not affected.

To protect its customers, Microsoft has released patches for these multiple on-premises Microsoft Exchange Server zero-day vulnerabilities. Specifically, to minimize or avoid impacts of this situation, Microsoft and Withum highly recommend that you take immediate action to apply the patches for any on-premises Exchange deployments you have.

Even though we've worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today's patches is the best protection against this attack Tom Burt Microsoft's corporate vice president of Customer Security & Trust
If your organization is an Exchange Server customer, Withum is committed to working with you through this issue. Book a meeting with us to assess if your organization is vulnerable or to learn more about our capabilities.

Digital Solutions Services

Previous Post
Next Post
Article Sidebar Logo Stay Informed with Withum Subscribe


Get news updates and event information from Withum