Urgent Cyber Security Measures Released by Microsoft

Download the full PDF here, or view the original article here.

Microsoft is strongly urging customers with Exchange Server installations to apply patches that address critical vulnerabilities currently exploited by Chinese nation state hackers to steal information and install malware.

The urgent patches were released out-of-band to address an attack chain affecting Microsoft Exchange Server versions 2010, 2013, 2016 and 2019.

Hafnium is also exploiting an insecure deserialization issue in the Exchange Unified Messaging service to run code as the high-privilege Windows SYSTEM account, and two file-write vulnerabilities post-authentication, Microsoft said.

Once they have gained initial access with the above attack chain, the Hafnium hackers deploy web shells on the compromised Exchange Servers to exfiltrate email account and other data, and perform other malicious activity.

Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.