Exchange Server exploits #hafnium

I

Ipwn 4

Expert Member
Joined
Nov 6, 2010
Messages
1,937
Reaction score
226
In typical mybb fashion the editors are too busy copying and pasting rubbish to report on actual technology news so I figured I would share.

Vulnerabilities have been disclosed that affects Exchange Server, the internet is freaking out as these are pretty serious.
the TL;DR
  • Patches are out, you should get on it immediately.
  • As far as I am aware no one has actually posted a POC yet, once this happens expect the exploits to be used for ransomware.
  • The exploit can give you system level access on Exchange, pretty easy to impersonate any other account from there if you don't take least privilege seriously.
Detailed reading:
MS Blog: HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
Exchange team blog: Released: March 2021 Exchange Server Security Updates - Microsoft Tech Community
Findings by a security researcher: (1) Mass exploitation of on-prem Exchange servers :( : msp (reddit.com)
 
This is a big one.

The other myBB thread is here :

Microsoft hack: White House warns of 'active threat' of email attack

https://www.bbc.com/news/world-us-canada-56304379 Microsoft hack: White House warns of 'active threat' of email attack The US is expressing growing concern over a hack on Microsoft's Exchange email software that the tech company has blamed on China. "This is an active threat," White House...
mybroadband.co.za mybroadband.co.za
 
Ipwn 4 said:
In typical mybb fashion the editors are too busy copying and pasting rubbish to report on actual technology news so I figured I would share.

Vulnerabilities have been disclosed that affects Exchange Server, the internet is freaking out as these are pretty serious.
the TL;DR
  • Patches are out, you should get on it immediately.
  • As far as I am aware no one has actually posted a POC yet, once this happens expect the exploits to be used for ransomware.
  • The exploit can give you system level access on Exchange, pretty easy to impersonate any other account from there if you don't take least privilege seriously.
Detailed reading:
MS Blog: HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
Exchange team blog: Released: March 2021 Exchange Server Security Updates - Microsoft Tech Community
Findings by a security researcher: (1) Mass exploitation of on-prem Exchange servers :( : msp (reddit.com)
Click to expand...
You are what you post :unsure:
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X