Microsoft fixes four zero-day flaws in Exchange Server exploited by China's ‘Hafnium’ spies to steal victims' data
2021-03-03 00:10

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers.

The attackers gain access to an Exchange Server, either using stolen passwords or by using zero-day vulnerabilities, and disguise themselves as a legitimate user.

They control the compromised Exchange Server remotely using a web shell.

Microsoft named cloud file locker Mega.nz, a service founded by Kim Dotcom, as one of Hafnium's preferred destinations for exfiltrated data.

An advisory states: "The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access."

There's a little more relief to be had from the fact that Microsoft's patches replace the February 9 security update for Exchange Server 2019, so if you're a little behind, that wasn't the worst update to have delayed.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/03/hafnium_exchange_server_attack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 663 794 4391 4085 3666 12936