If your company or organization hosts one or more Microsoft Exchange servers, the Michigan State Police Cyber Command Center is warning of a “newly identified, significant and active threat to network security.” Microsoft Exchange is a platform used to host email services for many businesses and enterprises.
Authorities are reporting that last week, “Security researchers uncovered multiple vulnerabilities with on-premises Exchange servers and Microsoft released patches to fix the vulnerabilities. Prior to patches being available, malicious actors had begun to exploit the vulnerabilities. Any organization hosting an on-premises Exchange server that has not been updated has a high likelihood of already being victimized.”
Cloud-based Microsoft email is not affected by these vulnerabilities.
As recommended by Microsoft and the Cybersecurity & Infrastructure Security Agency (CISA), the MC3 strongly encourages any agency utilizing an on-premise Microsoft Exchange server to take immediate action to install the patches and then work with their information technology team to investigate any potential unauthorized access to their servers.
The vulnerabilities allow a remote attacker to access vulnerable email servers, the emails stored on them, allow for the installation of additional malware, harvest passwords and facilitate long-term access to victim environments. Additional information about the vulnerability can be found at https://www.cisa.gov/ed2102 as weel as this link:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Any entity in Michigan with evidence of a compromise related to this vulnerability or other malware activity, is requested to report it to the MC3 at 877-MI-CYBER or the FBI’s Internet Crime Complaint Center at http://www.ic3.gov.
