Read more about the current Greenbook proposals. ...
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.
Microsoft announced the release of a critical security update on Tuesday, March 2nd to address four zero-day vulnerabilities that allowed hackers to steal email communications from companies using their Exchange Server products.
Microsoft stated the flaws were being actively exploited in a sophisticated attack chain deployed by the Chinese cyber espionage group HAFNIUM. While Microsoft traditionally releases security updates on the second Tuesday of the month, commonly known as “Patch Tuesday”, the severity of the vulnerabilities called for an additional update ahead of the schedule. Microsoft is urging all customers to install the emergency patches as soon as possible and released a special alert from Tom Burt, Corporate Vice-President, Customer Security and Trust on Tuesday.
“Even though we’ve worked quickly to deploy an update for the HAFNIUM exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.”
The security updates are available on the Microsoft Security Response Center and address the four security issues with Microsoft Exchange Server 2013, 2016 and 2019 outlined below.
Microsoft did confirm their Exchange Online service, most commonly used for business email hosting, was not impacted by the attacks, and specifically cited that the exploits had no connection to the SolarWinds-related attacks.
For more information we encourage you to visit the full update from Microsoft at https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/.
How Can Schneider Downs Help?
If you have any questions, we are here to help! In addition to our services and software solutions, our team offers a diverse library of complimentary cybersecurity resources including case studies, whitepapers and security awareness materials. You can explore the library at www.schneiderdowns.com/cybersecurity/resources.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
If you suspect or are experiencing a network incident, our Incident Response Team is available 24x7x365 at 1-800-993-8937.
Want more cybersecurity content? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, for the latest insight and news in the cybersecurity world.
Read more about the current Greenbook proposals. ...
Learn more about the regional and national supply chain implications of the Baltimore Key Bridge collapse. ...
We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask us
[email protected]
p:412.261.3644
f:412.261.4876
[email protected]
p:614.621.4060
f:614.621.4062
[email protected]
p:571.380.9003