Microsoft Exchange security vulnerability

Our Hackbusters team have issued this advisory bulletin from Microsoft regarding a critical vulnerability affecting Microsoft Exchange Servers.

The attacks, attributed to a threat actor named ‘Hafnium’, initially targeted entities in the United States to exfiltrate information from a number of industry sectors, but exploitation is now spreading globally. While Hafnium is based in China, it conducts its operations primarily from leased Virtual Private Servers (VPS) in the United States.

Scope

The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority is servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). As of 9 March 2021, it has been estimated that 250,000 servers had already fallen victim to the attacks. This includes servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority and the Norwegian Parliament.

Note: If you are in a 100% cloud environment such as Office 365/Microsoft 365, then this vulnerability may not affect you.

Actions

To protect your organization, Microsoft recommends organizations install the latest security patch as soon as possible.

Patch Links:

  1. March 2, 2021 Security Update Release – Release Notes – Security Update Guide – Microsoft

  2. CVE-2021-26412

  3. CVE-2021-26854

  4. CVE-2021-26855

  5. CVE-2021-26857

  6. CVE-2021-26858

  7. CVE-2021-27065

  8. CVE-2021-27078

We recommend that your security team assess whether the vulnerabilities have been exploited, using the Indicators of Compromise Microsoft shared here.

Cyberboxx policyholders who are affected by this vulnerability and need help from the Hackbusters team with the mitigation actions should contact their BOXX representative for assistance.

For additional information, please refer to the following resources:

As always, we will continue to be vigilant in monitoring for the latest cyber threats and vulnerabilities.
