PATCH NOW: Microsoft On-Premise Exchange RCE Vulnerabilities
Microsoft has released additional security patches related to Microsoft Exchange Server 2013, 2016, and 2019. These patches address additional vulnerabilities which could also allow remote code execution. Please see the updated Microsoft Tech Community article for more information.
On March 2, 2021, Microsoft released a blog post confirming four previously-unknown vulnerabilities affecting on-premise Exchange servers 2013, 2016, and 2019 (Exchange Online is not affected). Attacks observed leveraging these vulnerabilities allowed access to on-premise Exchange servers enabling access to email accounts, and allowed for additional malware installation via remote code execution. Microsoft attributes most of the activity to the HAFNIUM group, a state-sponsored group operating out of China.
Environments still operating their own on-premise Exchange should immediately patch their systems. Microsoft has also released a variety of detection tools and indicators of compromise (IoC) to search for current or past exploitation. For assistance in reviewing your environment, please contact [email protected]. Please also consult the links below for additional resources.