Today is a dangerous day for companies that have on-premises versions of Microsoft Exchange Server. Yesterday, March 2, Microsoft announced that it detected multiple 0-day exploits being used in limited and targeted attacks, which means that the hackers know they only have a couple of days left to exploit the hack until the vulnerability is patched.
Microsoft said it believes that Hafnium, “a group assessed to be state-sponsored and operating out of China,” carried out the attacks. Microsoft did not offer evidence supporting the assessment, but said the “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures.”
If you’ve read this far, you should take a moment to ask your IT people if they are aware of the threat. While it has been widely publicized, it has also been made political… which it may be, but that doesn’t mean anything in this context. Make sure your on-premises Microsoft Exchange Server instances are patched and up to date.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.