Patch your Exchange email server now! Flaws exploited by hackers to download corporate email • Graham Cluley

Microsoft has launched emergency safety patches for 4 zero-day vulnerabilities in its Exchange email server software program, broadly used by companies.

In a blog post the corporate mentioned that a number of zero-day vulnerabilities in on-premises variations of Microsoft Exchange Server had been exploited in assaults that it believed have been orchestrated by a state-sponsored Chinese hacking group known as “Hafnium.”

Exploitation of the safety holes allowed malicious attackers to achieve entry to email accounts, and allowed different malware to be planted to achieve a long-term foothold inside organisations.

Sign up to our newsletter
Security news, advice, and tips.

Microsoft is urging at-risk organisations to install security updates immediately.

The variations of Microsoft Exchange Server affected are:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

The on-line model of Exchange isn’t affected by the failings.

Microsoft says that the Hafnium hacking group has primarily focused victims within the United States, “together with infectious illness researchers, legislation companies, increased schooling establishments, protection contractors, coverage assume tanks, and NGOs.”

More particulars concerning the zero-day flaws may be present in this write-up by researchers from Volexity.

According to Volexity, the assaults have been stealing email and compromising networks since as early as January 6, 2021.

So don’t delay – comply with Microsoft’s recommendation, and apply the patches to affected systems immediately.

Dawdling solely will increase the probabilities that Hafnium, or different hacking teams who could produce other targets of their sights, will try to exploit the vulnerabilities in an assault towards your organisation.

Leaving your techniques unpatched is asking for hassle.

Found this text fascinating? Follow Graham Cluley on Twitter to learn extra of the unique content material we submit.

Graham Cluley is a veteran of the anti-virus trade having labored for quite a few safety corporations because the early Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an unbiased safety analyst, he repeatedly makes media appearances and is an international public speaker on the subject of laptop safety, hackers, and on-line privateness.

Follow him on Twitter at @gcluley, or drop him an email.

Related Posts