Microsoft has issued an Exchange Server Security Update on April 13, 2021 for companies with an on-premises deployment of Microsoft Exchange Server 2013, 2016 and 2019. This affects both on-premises and hybrid deployments of Exchange Online. Exchange Hybrid users are less affected. However, the FBI’s recommendation is to patch this vulnerability as soon as possible.
This is a security exploit that a hacker could take advantage of to take control of a company’s environment. This is an urgent issue that needs to be addressed.
There is an exploit in the current Exchange software that allows for manipulation. After exploiting the Exchange server vulnerabilities to gain initial access, HAFNIUM (spell out) operators deploy web shells on the compromised server. Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.
Microsoft has provided blog posts in response to this security exploit. That can be found here: Released: April 2021 Exchange Server Security Updates - Microsoft Tech Community.
ConvergeOne is a Microsoft Gold Partner. Our experienced support staff is ready to help remediate this exploit and perform system updates as needed.