Hack Puts Microsoft Exchange Servers at Risk: How To Protect Your Business

Microsoft Exchange Server

Do you use Microsoft Exchange Server? If it’s an on-premises server YOU ARE AT RISK!

Microsoft announced the security vulnerability March 2, 2021 and companies in this situation need to immediately download patches and check for IOC’s (Indicators of Compromise). Since that announcement, the DHS Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-02 requiring federal agencies to comply by noon today, March 5.

Exchange Online is not affected. ALL currently supported on-premises Exchange Server versions are at risk. This means if your on-premises Exchange Server is in the following list you need to take action:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016  
  • Microsoft Exchange Server 2019
  • *Note that servers prior to 2013 are inherently insecure at this point as they are EOL (End of Life) and not generally supported by Microsoft anymore.

Heed the warning! Make plans to either update your on-premises Exchange Servers or to migrate to Microsoft Exchange Online.

The HAFNIUM Zero-Day Hack (dubbed by Microsoft)

This is a highly dangerous attack linked to China. Microsoft called them “a highly skilled and sophisticated actor.” It’s a zero-day attack which capitalizes on previously unknown vulnerabilities — that is until the problem surfaces and a patch is released. 

Microsoft noted, “We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately.”

Here’s how the HAFNIUM attacks:

  1. It gets access to your Exchange Server either from stolen or compromised credentials or by taking advantage of the zero-day vulnerabilities and impersonating a legitimate user.
  2. It installs malware on the server which allows remote access and control through a web shell.
  3. It withdraws data using that same remote access and/or puts arbitrary commands into place.

Protect Your Business NOW!

Don’t wait a minute more than you have to. If this threat affects your Microsoft Exchange Server, patch it NOW. All Exchange servers should be updated but start with externally facing ones. Access the patches here:

If you are a current SWAT client, you don’t need to do anything. We have already taken care of the problem for you.

Prevent Future Zero-Day Vulnerabilities

The easiest solution to on premises server vulnerabilities is to migrate to the cloud (Microsoft Exchange Online) which is the cloud platform for Microsoft 365. If you are interested in discussing cloud migration or other IT and cyber security services for your business, contact us or book a meeting. There is no obligation and we think you will quickly see the benefits we can provide to your business.

You May Get Hacked

Know What to Do with our Checklist

Whether you've been hit by ransomware or are just worried about a ransomware attack, this checklist can help. This one page checklist has simple instructions to help your team act fast and feel confident in how to respond. Print, post and prepare your team wo know what to do in a ransomware attack.

Get The Checklist

Become a SWAT Insider

Join the SWAT Systems community and get important IT insights and trends from our team of pros each month. You'll learn ways to solve common problems and keep IT operations running smoothly.