Urgent patches out for exploited Exchange Server zero-days

Microsoft is strongly urging customers with Exchange Server installations to apply patches that address critical vulnerabilities currently exploited by Chinese nation-state hackers to steal information and install malware.

The urgent patches were released out-of-band to address an attack chain affecting Microsoft Exchange Server versions 2010, 2013, 2016 and 2019.

Hafnium is also exploiting an insecure deserialization issue in the Exchange Unified Messaging service to run code as the high-privilege Windows SYSTEM account, as well as two post-authentication file-write vulnerabilities, Microsoft said.

Once they have gained initial access with the above attack chain, the Hafnium hackers deploy web shells on the compromised Exchange Servers to exfiltrate email account and other data, and perform other malicious activity.
