Security News > 2021 > March > US National Security Council urges review of Exchange Servers in wake of Hafnium attack
The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.
Microsoft revealed the attack last week and released Exchange security updates.
The Biden administration's Cybersecurity and Infrastructure Security Agency followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments.
On March 7, the US National Security Council tweeted that patching and mitigation was not enough to protect vulnerable systems.
Microsoft has issued additional mitigation advice for those unable to patch Exchange Server.
With 30,000 US-based Exchange users thought to have been targeted by whoever was behind Hafnium, and 250,000 impacted globally, reports are suggesting the Biden administration will create a task force to address the Hafnium attack and its aftermath.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/08/us_national_security_council_says/
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- What 2024 taught us about security vulnerabilties (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks (source)