Microsoft Shares Additional Mitigations for Exchange Server Vulnerabilities Under Attack

Microsoft Shares Additional Mitigations for Exchange Server Vulnerabilities Under Attack

Posted March 6, 2021

Microsoft Shares Additional Mitigations for Exchange Server Vulnerabilities Under Attack

  • Microsoft on Friday released alternative mitigation measures for organizations who have not been able to immediately apply emergency out-of-band patches released earlier this week that address vulnerabilities being exploited to siphon e-mail data from corporate Microsoft Exchange servers.
  • Microsoft also provided a nmap script to help customers discover vulnerable servers within their infrastructure.
  • Analysts say that HAFNIUM, a state-sponsored hacking group operating out of China, has been on an an active hacking spree with a massive espionage campaign underway to siphon data from organizations globally.
  • “This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03,” Ex-CISA Chief Chris Krebs tweeted. “Check for 8 character aspx files in C:\inetpubwwwrootaspnet_clientsystem_web. If you get a hit on that search, you’re now in incident response mode.

– Mike Lennon | March 6, 2021