Over 30,000 Microsoft customers that run Exchange Server versions 2013 through 2019 are immediately vulnerable to hacking by a cyber espionage group and may have already been hacked. The Cybersecurity & Infrastructure Security Agency (CISA) has outlined immediate steps to take:
- Check for signs of compromise.
- Immediately patch Microsoft Exchange with the vendor-released patch.
- If unable to patch, remove the products from the network immediately.
- Upgrade to the latest supported version of Microsoft Exchange.
CISA advises that patching a system that has already been compromised will not be sufficient to mitigate this situation and recommends that partners immediately disconnect any Microsoft Exchange systems suspected of being compromised.
The hacking was first reported on March 2, 2021, by Microsoft, but the full extent of the vulnerability continues to evolve. If you or one of your vendors provides your email through one of these affected Exchange servers, follow the US Government Cybersecurity & Infrastructure Security Agency (CISA) guide below.
- CISA Alert (AA21-062A): Mitigate Microsoft Exchange Server Vulnerabilities | CISA
- CISA: Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities | CISA
- Microsoft Threat Intelligence Center alert: HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
- Department of Homeland Security, cyber.dhs.gov: Emergency Directive 21-02