URGENT UPDATE: RE Microsoft Exchange Servers

The USA’s Cyber Security and Infrastructure agency (CISA) have issued emergency guidance, as it appears that the recent vulnerabilities announced by Microsoft affecting their on-premise Exchange product have been compromised globally. At this point patching will not protect your installation, you must follow the steps below to identify if your systems have been compromised. If you use external IT, ensure that they read this email and if you have any concerns please contact Wolfberry Cyber ASAP.

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Original release date: March 06, 2021

Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.

CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised. For additional information on the script, see Microsoft’s blog HAFNIUM targeting Exchange Servers with 0-day exploits.

For more information about these vulnerabilities and how to defend against their exploitation, see:

• Microsoft Advisory: Multiple Security Updates Released for Exchange Server

• Microsoft Blog: HAFNIUM targeting Exchange Servers with 0-day exploits

• Microsoft GitHub Repository: CSS-Exchange

• CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities

• CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities