Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
READ THIS BEFORE YOU START YOUR DAY
Exchange on-prem 0-day for all versions 2010+. Exchange Online is not vulnerable, but even a single on-prem box means a customer could be at risk.
March 2, 2021 – Exchange Out of Band Release – Multiple Security Updates Released for Exchange Server – HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft on the Issues
March 2, 2021 Security Update Release
March 2, 2021 Security Update Release – Release Notes – Security Update Guide – Microsoft