Still running a Microsoft Exchange Server on premises? Your environment is at risk. Earlier this week, Microsoft announced critical vulnerabilities that need patches immediately. Take action today to protect your data. Then make plans to move off your on-premises servers to Microsoft Exchange Online and Microsoft 365, which Microsoft has confirmed are not affected.
The on-premises Microsoft Exchange Servers impacted include:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
The HAFNIUM Microsoft Hack
Microsoft attributes a number of zero-day attacks to a group it calls HAFNIUM that it claims is state sponsored and operating out of China. A zero-day attack is one that exploits a previously unknown vulnerability. Because of this, hackers can continue to exploit a zero-day vulnerability until the problem is patched.
The attack happens in three steps
- HAFNIUM gains access with stolen passwords or by disguising itself as someone who should be allowed access through this new vulnerability.
- It deploys malware that enables remote access and control of the server.
- It uses that remote access to execute arbitrary commands and steal data.
How To Protect Your Business TODAY
Patch your on premises Microsoft Exchange Server TODAY if you haven’t already. Start by installing the updates on any externally-facing Exchange servers, but update them all. Exchange Online is not affected by the HAFFNIUM vulnerability. You can find patches here:
How To Prevent Future Zero Day Vulnerabilities
Make plans to move to the cloud. That means migrating from on-premises servers to Microsoft Exchange Online, which Microsoft has confirmed is not affected.
If you are an Aeko client, don’t worry — we’ve already taken care of this potential issue if you were at risk. Not a client yet? Contact us or book a quick consultation to discuss cloud migration, ongoing IT support and comprehensive cyber security.
2021 Ransomware Response Checklist
Know what to do if you are hit with a ransomware attack! Get this free, easy-to-follow checklist to post and share with your team.