Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
Read more: HAFNIUM targeting Exchange Servers with 0-day exploits – Microsoft Security
Important!
READ THIS BEFORE YOU START YOUR DAY
Exchange On Prem 0 day for all versions 2010+. Exchange Online not vulnerable, but even a single on prem box means a customer could be at risk.
March 2, 2021 – Exchange Out of Band Release – Multiple Security Updates Released for Exchange Server – HAFNIUM targeting Exchange Servers with 0-day exploits
Exchange Team Blog:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901
MSRC blog:
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
MSTIC blog:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Microsoft on the Issues:
https://blogs.microsoft.com/on-the-issues/?p=64505
March 2, 2021 Security Update Release:
March 2, 2021 Security Update Release – Release Notes – Security Update Guide – Microsoft