What You Need to Know About the Microsoft Exchange Zero-Day Exploit

By: Bill Walter

If you haven’t heard the news, a major zero-day exploit is spreading quickly around the globe. A zero-day is a vulnerability in software or hardware that attackers are already exploiting before the vendor has released a fix, so until a patch is available and installed there is nothing standing between the attacker and your data and network. The most recent exploit targets on-premises installations of Microsoft Exchange. Once attackers find a vulnerable Exchange server, they gain a foothold on it and set about harvesting your data.

The main group behind this threat is HAFNIUM, which primarily targets organizations in the United States. The sectors most at risk include infectious disease researchers, law firms and educational institutions, but these attackers will exploit any Exchange server they can reach. Other bad actors are now launching similar attacks, so a quick response is your best defense.

The good news is that if your mailboxes are already in a cloud-based email service like Microsoft 365, the exploit does not affect that service. It does affect any on-premises Microsoft Exchange server you still run, including the server that many hybrid deployments keep for management after moving mailboxes to the cloud, so patch it immediately. This can be a physical or virtual server running at your office, in a colocation space or even in the cloud. We have come across servers that were left behind after a migration to cloud-based email services. This threat is serious enough that Microsoft is providing patches for server versions that are no longer supported. The specifics are in Microsoft’s advisory.

How Do I Protect My Network?

The first step is to install the patch. Make sure the server is on one of the cumulative updates Microsoft lists and then apply the security update for this threat on top of it; the security update installs only on those specific cumulative updates, and it should be run from an elevated command prompt, because installing it by double-clicking can leave it only partially applied. Once that is done, you are not finished. The patch closes the hole but cannot tell you whether the server was already compromised. Microsoft has published steps for checking the server for indicators of compromise, including searching the Exchange HttpProxy logs for the exploit’s footprint and looking for web shells dropped into the server’s web directories. Those checks tell you whether further action is needed.
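As an added example (not Microsoft’s script and not part of the original article), the following Python performs two of the checks Microsoft’s guidance describes, and does so offline against data it builds itself: a search of HttpProxy log rows for an AnchorMailbox value containing "ServerInfo~", the footprint the server-side request forgery leaves in that log, and a sweep for recently written .aspx files in the web directories where web shells were dropped. The sample log excerpt and the temporary web root are constructed, the sample keeps only a few of the real log’s columns, and the default directory paths are assumptions about a standard install.

```python
"""Two offline checks for indicators of compromise from the March 2021
Exchange zero-days. Added example, not Microsoft's own script.

1. HttpProxy log rows whose AnchorMailbox column contains "ServerInfo~",
   the pattern left behind by the server-side request forgery. The real
   logs live under the Exchange install's Logging/HttpProxy folder; the
   excerpt below is constructed and keeps only a few of the real columns.
2. Freshly written .aspx files in the web directories where web shells
   were dropped. The default directory list is an assumption about a
   standard install; pass your own list if your layout differs.
"""
import csv
import io
import os
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

ANCHOR_IOC = "ServerInfo~"

# Assumed default locations; adjust to the install you are checking.
WEBSHELL_DIRS = [
    r"C:\inetpub\wwwroot\aspnet_client",
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth",
]

# Constructed HttpProxy excerpt. Row 2 is the kind of entry the SSRF leaves
# behind; rows 1 and 3 are ordinary OWA and MAPI traffic.
SAMPLE_LOG = """DateTime,RequestId,UrlHost,UrlStem,AuthenticatedUser,AnchorMailbox,UserAgent,ClientIpAddress,HttpStatus
2021-03-02T10:15:01.123Z,1,mail.example.com,/owa/auth/logon.aspx,,,Mozilla/5.0,203.0.113.10,200
2021-03-02T10:15:07.456Z,2,mail.example.com,/ecp/default.flt,,ServerInfo~a]@mail.example.com:444/autodiscover/autodiscover.xml?#,python-requests/2.25.1,198.51.100.7,200
2021-03-02T10:16:40.001Z,3,mail.example.com,/mapi/emsmdb/,bob@example.com,bob@example.com,Outlook/16.0,203.0.113.11,200
"""


def find_ssrf_hits(log_text):
    """Return the rows of an HttpProxy CSV log whose AnchorMailbox carries the IOC.

    The log's first line is its CSV header, so columns are looked up by name and
    the check does not depend on column order or on which columns are present.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        anchor = row.get("AnchorMailbox") or ""
        if ANCHOR_IOC in anchor:
            hits.append({key: row.get(key) for key in
                         ("DateTime", "ClientIpAddress", "UrlStem", "AnchorMailbox")})
    return hits


def find_recent_aspx(dirs, since):
    """Return .aspx files under `dirs` modified at or after `since` (an aware
    datetime), sorted by path. Directories that do not exist are skipped."""
    cutoff = since.timestamp()
    found = []
    for d in dirs:
        root = Path(d)
        if not root.is_dir():
            continue
        for f in root.rglob("*.aspx"):
            if f.is_file() and f.stat().st_mtime >= cutoff:
                found.append(f)
    return sorted(found)


def demo_recent_aspx():
    """Run find_recent_aspx over a constructed web root in a temp directory:
    one fresh .aspx (flagged), one .aspx dated 1970 (ignored), one .txt
    (ignored). Returns the names of the flagged files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "aspnet_client"
        root.mkdir()
        (root / "web.aspx").write_text("<% stand-in for a dropped shell %>")
        (root / "readme.txt").write_text("not a page")
        legacy = root / "legacy.aspx"
        legacy.write_text("<% shipped with the product %>")
        os.utime(legacy, (0, 0))  # push its mtime back to 1970
        since = datetime.now(timezone.utc) - timedelta(days=7)
        return [f.name for f in find_recent_aspx([str(root)], since)]


if __name__ == "__main__":
    for hit in find_ssrf_hits(SAMPLE_LOG):
        print("SSRF indicator:", hit)
    print("Fresh .aspx files:", demo_recent_aspx())
    # On a real server, read each file under the HttpProxy log folder into
    # find_ssrf_hits and call find_recent_aspx(WEBSHELL_DIRS, <a date well
    # before you patched>) instead of the demo.
```

A hit from the log search or an unexplained .aspx file is not proof of a successful intrusion on its own, but either one means the server should be treated as potentially compromised and investigated further rather than simply patched and forgotten.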

Additional best practices are to restrict, at your firewall, which ports can reach the server and which the server is allowed to reach out to. Egress filtering can stop an intruder who already has a foothold from downloading tools or sending your data out, and the blocked connections it logs give you evidence to work from when responding. Adding advanced threat detection and response capabilities is another strong tool for defending your network.

If you haven’t already, investigate migrating to the email solution that best fits your organization. Once the migration is complete, fully decommission any servers or services you no longer need, so that a forgotten server cannot put you through this again.

Need Help?

Issues like this, along with the constantly changing threat landscape, can be daunting to stay on top of. It’s always good to have someone to call when you need help. If you need assistance, feel free to contact us online or call 410.685.5512.

Published March 8, 2021
