Amid the Microsoft Exchange Server hacks and cyberattacks, which may have impacted more than 60,000 Microsoft e-mail customers worldwide, the Cybersecurity and Infrastructure Security Agency (CISA) is urging MSSPs, MSPs and IT security staffs to immediate address the vulnerabilities.
If you are unable to immediately apply updates, follow Microsoft’s alternative mitigations in the interim. Note: these mitigations are not an adequate long-term replacement for applying updates; organizations should apply updates as soon as possible.
Microsoft Exchange Cyberattack: Hafnium Hack Timeline, Updates
Microsoft disclosed the Exchange Server hacks on March 2, 2021. Microsoft alleges that a state-sponsored threat actor called Hafnium, which operates from China, launched the attacks against customers’ on-premises email servers.