Exchange server

Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. As organizations recover from this incident, we continue to publish guidance and share threat intelligence to help detect and evict threat actors from affected environments.

The post Analyzing attacks taking advantage of the Exchange Server vulnerabilities appeared first on Microsoft Security.

Read More Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. We have taken this additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update.

The post Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus appeared first on Microsoft Security.

Read More Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and install additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM.

The post HAFNIUM targeting Exchange Servers with 0-day exploits appeared first on Microsoft Security.

Read More HAFNIUM targeting Exchange Servers with 0-day exploits