Since I have DAG and HA in place, there really was no interruption in email service. I did it early in the morning on Mawith notice to users that there is a possibility of service disruption due to emergency. I'm up to date in my environments, so it took me 15 minutes (per server) to patch my servers.

If you haven't done so already – patch your Exchange Server and your Windows Server systems RIGHT NOW!!

This is in short and to the best of my knowledge as of now. It should be noted that DEVCORE Research Team found these exploits on Decemand reported them to Microsoft on January 5 2021.

These are all chainable exploits, and according to Volexity, the firm who discovered the attacks, here is what they do:

CVE 26855 is a server-side request forgery (SSRF) vulnerability in Exchange that is used to steal mailbox content.

CVE 26857 is used to run code under the System account.

CVE 2685 are allowing an attacker to write a file to any part of the server.

So, the situation is more or less dramatic with this one, assuming it can take over your email and internal domain. Since every Exchange is internet oriented in part, you are exposed to this to some extent for sure.

Exploits in question are Zero Day vulnerabilities and have been used in the wild at least since 06.January 2021 by unknown adversaries. So this is a potential disaster for your local network also.

On March 02/03 2021 Microsoft released urgent critical security updates for Microsoft Exchange 9 for extremely dangerous vulnerabilities that are known to be exploited and which (to put it plain and simple) can give access to your Microsoft Exchange with highest privileges and probably allow traversal of your AD, since Exchange and AD are tightly integrated.

Updated 11 March 2021 – I see a lot of skepticism about how to proceed further with this – here I can offer my observations/opinions –

Quick intro

Updated 11 March 2021 – Looks like CompareExchangeHashes.ps1 script works ok now.
Updated 10 March 2021 – with new info about scripts and a link to a website to check if you were breached (at the bottom of the post).

If you already know about the problem, I will be happy to share some new info and also learn something new from you. Here I will try to explain my steps in the process, and what my stages of investigation were (so far). Microsoft Exchange Hafnium breach is turning into one of the ugliest security incidents ever, really fast.