Twin State Technical Services received notification on the morning of Wednesday, March 3, regarding four (4) unique 0-day vulnerabilities that were discovered and affecting Microsoft Exchange Server versions 2013, 2016, and 2019. The notification also disclosed that threat actors were known to be actively exploiting these vulnerabilities in the wild.
The response from the Microsoft Exchange Team can be found here: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901
Additional details, along with the Indicators of Compromise (IOC’s), can be found here: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
US Cybersecurity & Infrastructure Security Agency Alert: https://us-cert.cisa.gov/ncas/alerts/aa21-062a
Your Twin State Engineer should have reached out to you regarding patching for these vulnerabilities. If you have not heard from us or have questions or concerns, don’t hesitate to reach out to us at helpdesk@tsts.com or via phone at 563-441-1504.
Tags: exchange, exploit, Microsoft, security