Exploitation of vulnerabilities in Microsoft Exchange


Several critical vulnerabilities have been discovered in Microsoft Exchange 2010, 2013, 2016 and 2019 servers; unpatched servers are affected (Exchange Online servers are not). Exploitation of these vulnerabilities exposes the impacted companies to a risk of data theft or destruction and of infrastructure compromise.

These vulnerabilities have been exploited since late 2020 by an activity group that Microsoft named HAFNIUM. Once the vulnerabilities became public in early March, their exploitation intensified, including the deployment of the new "DearCry" ransomware and of cryptocurrency mining malware.

The situation is alarming because of the number of potentially affected servers worldwide. In Luxembourg, a significant number of Microsoft Exchange servers are considered vulnerable. CIRCL (Computer Incident Response Center Luxembourg), the cyber incident emergency response team for the private sector, municipalities and non-governmental entities in Luxembourg, aims to help the entities that make up the Luxembourg economy when the security of their IT systems is at risk.

CIRCL experts can assist all potentially affected companies and organisations individually in the process of detecting and resolving possible intrusions.

More information is available in the document below.