Microsoft has released Exchange Server software patches to address e-mail server vulnerabilities that hackers are exploiting in the wild. However, the patches don't fully safeguard Exchange from hackers who have already infiltrated the email systems.

Attack Timeline and Updates: See all Microsoft Exchange hacker attack timeline updates & new developments here.

The initial patches are designed for Exchange Server 2013, 2016 and 2019. The hacker attacks were launched by HAFNIUM, a state-sponsored group operating out of China, Microsoft alleges.

The Exchange Server attacks were discovered by network security monitoring service provider Volexity in January 2021. Indeed, Volexity detected anomalous activity from two of its customers’ Microsoft Exchange servers.

Details Specifically for MSPs: For MSPs seeking to further understand the on-premises Exchange Server vulnerabilities, related threats and fixes, cybersecurity firm Huntress offers this perspective.

Later in the day, the CISA issued an emergency directive -- urging organizations to patch on-premises Exchange Server while performing associated security scans to see if hackers are in the systems.
Microsoft Exchange Server Cyberattacks: CISA Alert
According to an alert from the CISA (Cybersecurity & Infrastructure Security Agency), which is part of the U.S. Department of Homeland Security:

"Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild."




