This week Microsoft shared news of a newly identified state-sponsored threat actor (named by Microsoft as Hafnium) operating from China, targeting entities in the United States to exfiltrate information from various organizations across all industries. The highly skilled threat actor was exploiting four previously unknown flaws in on-premises Exchange Server software. The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. Exchange Online and Office 365 are not affected.
To protect its customers, Microsoft has released patches for these multiple on-premises Microsoft Exchange Server zero-day vulnerabilities. Specifically, to minimize or avoid impacts of this situation, Microsoft and Withum highly recommend that you take immediate action to apply the patches for any on-premises Exchange deployments you have.
Even though we've worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today's patches is the best protection against this attack Tom Burt Microsoft's corporate vice president of Customer Security & Trust