Microsoft Exchange security vulnerability
Our Hackbusters team have issued this advisory bulletin from Microsoft regarding a critical vulnerability affecting Microsoft Exchange Servers.
The exploit named ‘Hafnium’ initially targeted entities in the United States for the purpose of exfiltrating information from a number of industry sectors but is now spreading globally. While Hafnium is based in China, it conducts its operations primarily from leased Virtual Private Servers (VPS) in the United States.
The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority is servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). As of 9 March 2021, it has been estimated that 250,000 servers had already fallen victim to the attacks. This includes servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority and the Norwegian Parliament.
Note: If you are in a 100% cloud environment such as Office 365/Microsoft 365, then this vulnerability may not affect you.
To protect your organization, Microsoft recommends organizations install the latest security patch as soon as possible.
March 2, 2021 Security Update Release – Release Notes – Security Update Guide – Microsoft
We recommend that your security team use the Indicators of Compromise Microsoft shared here to assess whether the vulnerabilities were being exploited.
Cyberboxx policyholders who are affected by this vulnerability and need help from the Hackbusters team with the mitigation actions should contact their BOXX representative for assistance.
For additional information, please refer to the following resources:
As always, we will continue to be vigilant in monitoring for the latest cyber threats and vulnerabilities.