Information Security

 View Only

Microsoft issues patches for Exchange Server zero-day exploits

  • 1.  Microsoft issues patches for Exchange Server zero-day exploits

    Posted 03-03-2021 03:06 PM
    Hi all, wanted to share the below for those who have not yet seen it:

    Microsoft announced on Tuesday, March 2nd that four zero-day exploits have been discovered. Due to the high impact of these exploits, Microsoft has issued patches outside of its normal cadence.

    These exploits impact Microsoft Exchange Server versions 2013, 2016 and 2019. Microsoft has stated that its hosted Exchange Online servers are unaffected.

    The primary targets of these exploits are publicly-facing Exchange Servers running the vulnerable versions. However, it is important to note that even instances not accessible from the Internet should be patched, as undiscovered intruders already in your network could utilize this exploit for additional data exfiltration.

    It's recommended that your organization should immediately follow the guidance in Microsoft's announcement to assess whether these exploits impact your organization. From a TPRM perspective, you should also consider reaching out to your third-party vendors to request information surrounding:
    • Which version(s) of Exchange Server is utilized by the vendor.
    • Whether the server is accessible from the Internet.
    • What activities the vendor is performing to assess the potential impact of these exploits, including timeline for applying patches even if the server is not publicly-facing.

    Sources for further reading:
    • https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
    • https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/
    • https://redmondmag.com/articles/2021/03/02/exchange-server-zero-day-patches.aspx