Microsoft Issues Warning Over HAFNIUM Exploit Which Targets Microsoft Exchange
Microsoft has released details of an attack named HAFNIUM which is targeting unpatched, on-premise versions of Microsoft Exchange. Microsoft say that they have detected “multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.”
The result of these attacks could lead to a loss of data or exposure to malware (such as ransomware) but, ultimately, the exploit provides the hacker with ability to run any code they wish, as if they were on the server itself.
We strongly advise any business using the on-premise version of Microsoft Exchange to upgrade their system using the latest update including all security updates from Microsoft, which is not part of the normal release schedule and is available here – Microsoft Exchange Exploit Details.
Please note: We will be contacting all of our customers who we believe could be at risk of this exploit to take necessary action, but please contact us if you are concerned that you may be affected.