Microsoft have posted a threat advisory (https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/) relating to multiple malicious actors actively exploiting several Microsoft Exchange Server vulnerabilities to gain unauthorised access.
Security updates have been issued to address these vulnerabilities (https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901). You should install these updates as soon as possible to secure your systems.
If you are unable to install the security updates, RedShield have a shield available that provides partial mitigation by blocking malicious requests to paths known to be vulnerable to CVE-2021-26855. This shield is based on information published by Volexity (https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/). Please contact support@redshield.co if you require this shield.
Microsoft have also issued some of their own partial mitigations, which can be found at https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/.