The SolarWinds hack has finally met its match. While 2020 cybersecurity history will forever be tied to the infamous, widespread attack, 2021 might already be defined by a hack of Microsoft Exchange email servers. If you run one of these servers, you should make sure to update immediately.
This Exchange hack represents a major security risk for anyone or any business running an Exchange server. Hafnium’s attack exploits a vulnerability that apparently goes back 10 years, and seems to have no real target. They haphazardly hacked as many users as possible, with some estimates reaching as high as 250,000 victims.
These attacks reportedly started back in January, meaning hackers have had around two months to exploit Exchange vulnerabilities unchecked.
In response, Microsoft promptly released a patch for Exchange versions 2010, 2013, 2016 and 2019. The company usually releases patches on the second Tuesday of every month, but this patch came out on the first Tuesday of the month, highlighting the severity of the security breach.
You need to update with this patch as soon as possible, if you haven’t done so already. Every moment you wait is an opportunity for a bad actor to take advantage of this exploit on your server. In addition, make sure to look out for any other patches from Microsoft, as the company is surely looking for any other possibly vulnerabilities in its platform.
Cover photo by Mika Baumeister on Unsplash