Zero-Day Exploit Affects Microsoft Exchange Servers

Microsoft has announced that Hafnium, a Chinese-backed cybercriminal organization, has been taking advantage of four zero-day exploits to attack on-premises Microsoft Exchange servers. These newly-discovered vulnerabilities are being used to infiltrate networks and steal data, and they pose a serious risk to any organization running on-premises Exchange servers. We strongly recommend that any organizations with on-premises Exchange servers, including hybrid Office 365 setups, should apply Microsoft’s security updates immediately.

If you are a TechMD client and are using any version of Microsoft Exchange Server that was affected by this exploit, then we have already applied the relevant security updates.

This zero-day exploit affects the following versions of Exchange:

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2010

You can find links to Microsoft’s security updates below:

To ensure your organization is protected from data breaches, your IT team will need to apply the security updates above and follow Microsoft’s guidelines to secure your Exchange server(s). Again, it is vital that this patch is applied to any affected servers as soon as possible, even for organizations that have shifted email infrastructure to Office 365 but retain any on-premises Exchange servers.

For more information about migrating your email to Microsoft Office 365 the right way, or if you’d like to discuss how TechMD can help your organization be more proactive about cybersecurity, please contact us.

Share:

Subscribe to TechMD Insights






More Posts

Russian Invasion Requires Increased Cybersecurity Alertness 

You have probably heard the news by now that Russia has invaded Ukraine, and this will likely have a major impact on the cybersecurity world moving forward. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all American organizations be on high alert, especially small and mid-sized businesses as they are seen as softer targets for cybercriminals.

Top 3 Takeaways from the 2021 Verizon Data Breach Investigations Report 

Every year, Verizon releases their Data Breach Investigations Report (DBIR) and it usually contains some useful takeaways about how SMBs can protect themselves from cybercriminals. In case you haven’t read this 119-page report, here’s TechMD’s breakdown of the Top 3 most relevant takeaways for your business. 

Top 3 IT Priorities for 2022

2021 has been another year of “unprecedented times” as the COVID-19 pandemic has continued long past what many expected. With this continued level of uncertainty, it’s more important than ever that organizations have their IT in order and prioritized. Our team here at TechMD have put together three top IT priorities for 2022 to help you be prepared for the ever-changing IT landscape.