Microsoft Exchange Server image

Take Action TODAY on Microsoft Exchange Server Zero Day Hack

Still running a Microsoft Exchange Server on premises? Your environment is at risk. Earlier this week, Microsoft announced critical vulnerabilities that need patches immediately. Take action today to protect your data. Then make plans to move off your on-premises servers to Microsoft Exchange Online and Microsoft 365, which Microsoft has confirmed are not affected.

The on-premises Microsoft Exchange Servers impacted include:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016  
  • Microsoft Exchange Server 2019

The HAFNIUM Microsoft Hack

Microsoft attributes a number of zero-day attacks to a group it calls HAFNIUM that it claims is state sponsored and operating out of China. A zero-day attack is one that exploits a previously unknown vulnerability. Because of this, hackers can continue to exploit a zero-day vulnerability until the problem is patched. 

The attack happens in three steps

  1. HAFNIUM gains access with stolen passwords or by disguising itself as someone who should be allowed access through this new vulnerability.
  2. It deploys malware that enables remote access and control of the server.
  3. It uses that remote access to execute arbitrary commands and steal data.

How To Protect Your Business TODAY

Patch your on premises Microsoft Exchange Server TODAY if you haven’t already. Start by installing the updates on any externally-facing Exchange servers, but update them all. Exchange Online is not affected by the HAFFNIUM vulnerability. You can find patches here:

How To Prevent Future Zero Day Vulnerabilities

Make plans to move to the cloud. That means migrating from on-premises servers to Microsoft Exchange Online, which Microsoft has confirmed is not affected.

If you are an Aeko client, don’t worry — we’ve already taken care of this potential issue if you were at risk. Not a client yet? Contact us or book a quick consultation to discuss cloud migration, ongoing IT support and comprehensive cyber security.

Free Download

2022 Cyber Security Essentials Checklist

See where your business stands with these 18 critical cyber security controls established by the Center of Internet Security (CIS). Plus see the types of attacks most likely to impact your business.

2022 Aeko Cyber Security Essentials Checklist Promo

Download Now

Brian Rodgers

Before Brian founded Aeko in 2016, he oversaw large teams as an IT executive within the oil and gas industry, leading the technology infrastructure that helped that company grow to an S&P 500 company. He is passionate about bringing those same strategies to small and midsize businesses, enabling them to scale their services and adapt more quickly to market changes.