March 09, 2021
You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
On March 2, 2021 Microsoft posted an alert advising users that a threat group known as Hafnium had engaged in numerous attacks using a previously unknown vulnerability in on-premises Microsoft Exchange servers. Experts estimate that over 100,000 servers in the United States could be exposed to this vulnerability.
We are recommending that all clients that utilize Microsoft Exchange on-premises immediately check to see if there are any indicators of compromise. Background on the exploit and instructions for checking indications of compromise can found here and provided to your IT team or Managed Service Provider. We also recommend that you immediately patch the potentially impacted Exchange servers to remediate this major vulnerability. Instructions for this can be found here.
If you need assistance in determining whether any further action might be needed, our trusted partner Tracepoint is providing a free consultation to determine next steps. You can contact Tracepoint by clicking here.
If there is concern that an indicator of compromise is apparent please contact our team to report a claim and initiate the incident response process by clicking here.
You can also find additional details on this issue in the alert published by the Cybersecurity & Infrastructure Security Agency.
Get in touch with the cyber team: Cyber@Risk-Strategies.com
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.