
Microsoft Exchange Security Patches for Hafnium Hacker Attacks

Microsoft has released Exchange Server software patches to address email server vulnerabilities that hackers are exploiting in the wild. However, the patches close the vulnerabilities only; they do not remove hackers who have already infiltrated an email system through them.


The initial patches are designed for Exchange Server 2013, 2016 and 2019. The hacker attacks were launched by HAFNIUM, a state-sponsored group operating out of China, Microsoft alleges.

The Exchange Server attacks were discovered by network security monitoring service provider Volexity in January 2021, after Volexity detected anomalous activity on two of its customers' Microsoft Exchange servers.

Details Specifically for MSPs: For MSPs seeking to further understand the on-premises Exchange Server vulnerabilities, related threats and fixes, cybersecurity firm Huntress offers this perspective.

Microsoft Exchange Server Cyberattacks: CISA Alert

According to an alert from CISA (the Cybersecurity & Infrastructure Security Agency), which is part of the U.S. Department of Homeland Security:

"Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild."

Later in the day, CISA issued an emergency directive urging organizations to patch on-premises Exchange Server and, at the same time, to scan those systems for signs that hackers are already inside them.

Microsoft 365: More Secure Than On-Premises Exchange Server?

The Exchange Server patches emerge at a key time for Microsoft and its end customers. During the recent SolarWinds Orion cyberattack hearings in Washington, D.C., Microsoft emphasized that customers should shift their software workloads and applications from on-premises systems to cloud-based services such as Azure and Microsoft 365.

In theory, cloud services are more secure than on-premises software because the vendor controls security settings centrally and can patch issues rapidly, without depending on each end customer to do so.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.