Exchange | World Around Hafnium

Microsoft recently identified that Hafnium is attacking port 443 so it is important for everyone to close the vulnerability. This is a world upside down for Exchange Community because whole duration of Exchange Server, every Exchange Guru has recommended to avoid installing any anti-virus, anti-malware. Now, there is no choice and Endpoint protection is must on Exchange Servers. Here is how Golden Five Consulting started helping their customers.

Hafnium Hack on EXCHANGE SERVERS

HAFNIUM is targeting entities in the United States across a number of industry sectors including Universities, higher education institutions, defense contractors, policy think tanks, infectious disease researchers, law firms and NGOs.

    Short-Term or Long-Term Mitigations

These mitigations are not a remediation if your Exchange servers have already been compromised, nor are they full protection against attack. Applying an update or alternative mitigation techniques will not evict an adversary who has already compromised your environment.

    Resolution Suggested by Microsoft

Successful response should consist of the following steps:
1. Deploy updates to affected Exchange Servers.
2. Investigate for exploitation or indicators of persistence.
3. Remediate any identified exploitation or persistence and investigate the environment for indicators of lateral movement or further compromise.

    Solution for Remediation

Investigate, Identify & Clean your exchange server:

  1. Download & run Microsoft Safety Scanner
    on effected server
  2. Purchase G5 Microsoft Defender ATP as a Service” @ $100 per server per month 
  3. Build new Exchange Server

    Contact us at Security@GoldenFive.net
      or

    call Our Security Line +1-323-505-9799

Sources:

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

CTO @ Golden Five | CEO at LAExUG Foundation

Prabhat is 3 times Microsoft MVP Award winner. He is MBA in Information Technology and he is working as a CTO at Golden Five Consulting which is a Microsoft Gold Partner, MSP, T1CSP, and Education partner. He helps in designing, implementing, managing and supporting solutions for private messaging cloud, mergers, a collaboration between different messaging software and other migration & deployment projects for the following technologies Office 365, Azure, AWS, Exchange, SQL, ADFS, MFA, FIM, MIM and Directory services. He has worked for all big IT giants either as an employee or contractor where he has led the Global teams. He has started his career as Technical Consultant in Exchange 5.5 with Microsoft PSS and his exchange love never stopped & continued with 2000/2003/2007/2010/2013/2016/2019/O365. At one point in time, he was the only person to support EDS customers when Microsoft had closed all the supports for 5.5 and now for all old legacy Exchange versions.
He used to blog at MSExchangeGuru.com, manages multiple LinkedIn and Facebook Groups. He also Owns MSExchnageGuru YouTube channel where he uploads all his records technical sessions. Don’t forget to check his PowerShell scripts which are making admins life easier. Prabhat can be reached at PN@GoldenFive.net.

Leave Comment

Your email address will not be published.