Microsoft has announced urgent patch updates for multiple on-premises Microsoft Exchange Server zero-day vulnerabilities, which are being exploited by a nation-state affiliated group.
These vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019.
Exchange Online is not affected.
Microsoft recommends taking immediate action to apply patches to any on-premises Exchange deployments. The first priority should be any servers that are accessible via the internet, such as servers publishing Outlook on the web/OWA and ECP.
In the attacks Microsoft has observed, the group has used these vulnerabilities to access on-premises Exchange Servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.
Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.
Microsoft have shared this information to help raise awareness and emphasise the critical nature of these vulnerabilities - it's incredibly important to patch all affected systems to protect your data against these exploits and prevent future attacks across your systems.
If you are an AZTech client, please do not worry as we have already taken care of the update for you and applied the patch so your systems are protected.
If your organisation needs help with its patch updates, or you are worried you've already fallen victim to this attack, please call us immediately on 01908 571 510.
For detailed information about the attacks, the patch update, or to see if you've already fallen victim, go to Microsoft's blog here.