HAFNIUM zero-day exploit Microsoft Exchange on-premises (02-march 2021)

 Hi, Microsoft has detected multiple 0-day exploits against on-premises Exchange servers.

This attack has been attributed to a group under name "HAFNIUM"

You can find more information about this group in this blog:

New nation-state cyberattacks - Microsoft On the Issues


So, Microsoft is recomending to install updates on all versions of exposed Exchange servers. This vulnerability does not affect Exchange Online.

Any Exchange server on-premises who is publishing HTTPS on internet is a target. 

Please follow Microsoft guide for updating your servers:

1. Download this script to check vulnerability status of your servers from Github


2. Download the required Software patch for your server version/edition. (check the requirements!)

3. Put your servers on maintenance mode if you can, otherwise you should consider a maintenance window for installing, because this patch require a reboot, and services are down during installation.


In Exchange 2016 the installation will take about 1 hour, so plan beforehand.


For more information, check official sources:

Released: March 2021 Exchange Server Security Updates - Microsoft Tech Community

HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security


Comments

Post a Comment

Popular posts from this blog

Update DNS static servers in your local Network

Image
 lets say you need to update your DNS servers, maybe you installed a new Domain Controller in your network. So probably the last step is update in each computer the primary and secondary DNS server. It's sad, but in GPO, you will not find an effective way of doing this for windows10 Instead, you can use this script. $inet1=Get-DnsClient  | Get-DnsClientServerAddress | where{$_.ServerAddresses -contains "192.168.0.245" -or $_.ServerAddresses -contains "192.168.0.207"} foreach($nic in $inet1){     Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses ("192.168.0.245","192.168.0.114") } You can change the old IPs (192.168.0.245 and 192.168.0.207) for new IPs. then, save the file as ChangeDNS.ps1 file in your network Share. Create a New GPO and configure the Schedule Tasks for the Computer node. Configure the task as Immediate Task. Set the user account as SYSTEM. It will automatically convert into NT Authority\system. S...
Read more

LIst all VMs Disk in Hyper-V (VMM)

 Here an easy way to list all your VMs disk.  This will be useful if need to check what disk has every machine.  you can then copy the output to excel  $vms=Get-vm -All $file="listvms.txt" for($i=0;$i -lt $vms.count;$i++){foreach($disk in $vms[$i].VirtualHardDisks.sharepath){ $s=$vms[$i].name+";"+$disk; Write-Output $s | Out-File $file -append utf8}} notepad $file Be aware that second time, you shuld use a different file, otherwise you will be adding the results to the same file
Read more

Powershell Scritp for Inventory VMS in Hyper-V and VMware

Image
 Today I have to create a list of VMS, but with specific information. Usually you will like some basic info from your virtual machines, including, name, amoutn of CPU, RAM and Disk Usage. Seems simple, but the true is a nightmare. The issue is about the Disk usage. When your VMs has only one disk is easy, but what about a machine with 4 disks? What if these disk are thin provisioning and you need to sum the space? Well... here you will learn how, and using simple lines. Get a List of VMS from Virtual Machine Manager If using VMM you can use this method, this will allow a complete list of all hosts and VMS in your environment. #This get the list of all VMs $vms = Get-VM -All #this generate a report including, name, host, status, cpu, ram and disk usage $Report = $vms | select name, vmhost, status, CPUcount, MemoryAssignedMB, @{Name="DiskAllocated";Expression={[math]::round($_.TotalSize/1024/1024/1024,2)}} #this export the report as CSV. Now you can take this to Excel. $Report ...
Read more