Microsoft Exchange Attack: 30,000 Servers Compromised

    If you haven’t patched your Microsoft Exchange Server recently, you should seriously consider it. There are FOUR “zero-day” vulnerabilities currently wreaking havoc, with tens of thousands of organizations affected.

    The vulnerabilities are:

    • CVE-2021-26855
    • CVE-2021-26857
    • CVE-2021-26858
    • CVE-2021-27065

    Microsoft issued emergency patches last week for the four vulnerabilities (which you can read more about here). Microsoft believes the hacking team behind the attacks, called Hafnium, is most likely based in China.

    The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an order directing organizations to apply the recently released patches.

    Microsoft, in their statement regarding the issue, said “nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”

    Hafnium perpetrates their attacks by deploying “web shells” on the afflicted Exchange servers. Their intent is to steal data and install malware.

    You can find out more about the vulnerabilities here on Microsoft’s update guide page: https://msrc.microsoft.com/update-guide/vulnerability

    Carl Keyser

    As Inbound Marketing Manager at Integris, Carl Keyser brings expertise in digital marketing and SEO to create insightful blog content that educates and informs readers about technology trends and best practices.