Patch your Exchange email server now! Flaws exploited by hackers to download corporate email

Leaving your systems unpatched is asking for trouble.

Microsoft has released emergency security patches for four zero-day vulnerabilities in its Exchange email server software, widely used by businesses.

In a blog post the company said that multiple zero-day vulnerabilities in on-premises versions of Microsoft Exchange Server had been exploited in attacks that it believed were orchestrated by a state-sponsored Chinese hacking group called “Hafnium.”

Exploitation of the security holes allowed malicious attackers to gain access to email accounts, and allowed other malware to be planted to gain a long-term foothold within organisations.

Microsoft is urging at-risk organisations to install security updates immediately.

The versions of Microsoft Exchange Server affected are:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

The online version of Exchange is not affected by the flaws.

Microsoft says that the Hafnium hacking group has primarily targeted victims in the United States, “including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”

More details about the zero-day flaws can be found in this write-up by researchers from Volexity.

According to Volexity, the attacks have been stealing email and compromising networks since as early as January 6, 2021.

So don’t delay – follow Microsoft’s advice, and apply the patches to affected systems immediately.

Dawdling only increases the chances that Hafnium, or other hacking groups who may have other targets in their sights, will attempt to exploit the vulnerabilities in an attack against your organisation.

Leaving your systems unpatched is asking for trouble.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.