Microsoft releases 4 critical patches to address recently discovered zero day exploits that effect On-prem Exchange Server.

By Michael Westerfield, Enterprise Architect

On March 2nd, Microsoft released patches that addressed 4 vulnerabilities in its Exchange Email server “which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.” Exchange Online, Microsoft’s cloud-based email solution, is not affected.

Dasher is encouraging everyone that has Microsoft Exchange installed to patch their systems ASAP as these vulnerabilities can be exploited on externally facing Exchange Servers.

Further, Microsoft has distributed an email with these instructions:

To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.

You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).

Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).

We also recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise we shared here.

Various news agencies are reporting that this attack is being carried out by Hafnium, “a group assessed to be state-sponsored and operating out of China.” Per one of the security research firms that initially discovered the exploits “at least one of the attacks does not require authentication of any kind or even special knowledge or access to a target environment. The attacker only needs to know the server running Exchange and the account from which they want to extract e-mail.”

If you need any assistance with applying these patches or running the Health Checker script, please contact your Dasher team.

For additional information, please see the Microsoft Security Response Center Blog at

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/