HAFNIUM zero-day exploit Microsoft Exchange on-premises (02-march 2021)

 Hi, Microsoft has detected multiple 0-day exploits against on-premises Exchange servers.

This attack has been attributed to a group under name "HAFNIUM"

You can find more information about this group in this blog:

New nation-state cyberattacks - Microsoft On the Issues


So, Microsoft is recomending to install updates on all versions of exposed Exchange servers. This vulnerability does not affect Exchange Online.

Any Exchange server on-premises who is publishing HTTPS on internet is a target. 

Please follow Microsoft guide for updating your servers:

1. Download this script to check vulnerability status of your servers from Github


2. Download the required Software patch for your server version/edition. (check the requirements!)

3. Put your servers on maintenance mode if you can, otherwise you should consider a maintenance window for installing, because this patch require a reboot, and services are down during installation.


In Exchange 2016 the installation will take about 1 hour, so plan beforehand.


For more information, check official sources:

Released: March 2021 Exchange Server Security Updates - Microsoft Tech Community

HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security


Comments

Post a Comment

Popular posts from this blog

Update DNS static servers in your local Network

Image
 lets say you need to update your DNS servers, maybe you installed a new Domain Controller in your network. So probably the last step is update in each computer the primary and secondary DNS server. It's sad, but in GPO, you will not find an effective way of doing this for windows10 Instead, you can use this script. $inet1=Get-DnsClient  | Get-DnsClientServerAddress | where{$_.ServerAddresses -contains "192.168.0.245" -or $_.ServerAddresses -contains "192.168.0.207"} foreach($nic in $inet1){     Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses ("192.168.0.245","192.168.0.114") } You can change the old IPs (192.168.0.245 and 192.168.0.207) for new IPs. then, save the file as ChangeDNS.ps1 file in your network Share. Create a New GPO and configure the Schedule Tasks for the Computer node. Configure the task as Immediate Task. Set the user account as SYSTEM. It will automatically convert into NT Authority\system. S
Read more

Error 'General access denied error' (0x80070005). Starting SCVMM Resource

Image
 Hello,  After a VMM migration and disk migration I faced this issue. I was unable to start a VM. So if you check on Failover Cluster Manager, you should find this information under "roles". If you check information, it says you should get more information from the "Information Details" windows. This example error says about an Access denied error, so this should be related to permisions. In fact, I did a change on my VMs disk, that is probably the cause on my case.  For resolving I recommend, checking on permissions on the disks of your VM, and if possible, use a tool to copy/paste the correct permissions. Luckly in my case, I do have another disk with the correct permissions, so I used icacls to backup and restore the correct permissions. icacls VM1_mydisk.vhdx /save backup.txt then, you should open the backup.txt file and change the name of the file, to match the destination. then restore using: icacls C:\ClusterStorage\Volume3\VM1 /restore backup.txt After doing
Read more

Powershell Scritp for Inventory VMS in Hyper-V and VMware

Image
 Today I have to create a list of VMS, but with specific information. Usually you will like some basic info from your virtual machines, including, name, amoutn of CPU, RAM and Disk Usage. Seems simple, but the true is a nightmare. The issue is about the Disk usage. When your VMs has only one disk is easy, but what about a machine with 4 disks? What if these disk are thin provisioning and you need to sum the space? Well... here you will learn how, and using simple lines. Get a List of VMS from Virtual Machine Manager If using VMM you can use this method, this will allow a complete list of all hosts and VMS in your environment. #This get the list of all VMs $vms = Get-VM -All #this generate a report including, name, host, status, cpu, ram and disk usage $Report = $vms | select name, vmhost, status, CPUcount, MemoryAssignedMB, @{Name="DiskAllocated";Expression={[math]::round($_.TotalSize/1024/1024/1024,2)}} #this export the report as CSV. Now you can take this to Excel. $Report
Read more