Info about the Recent Exchange Vulnerability

We’re actively getting calls about this even as I write this on a Sunday afternoon, and the hackers are still very much active as well. A huge set of vulnerabilities was discovered in Microsoft’s Exchange (email) software last week, and they were already under attack by hackers. Even I have been getting sales emails from IT companies trying to take advantage of this situation.

We hope that giving you a few good details will help you make sure you are protected, and hopefully let you sleep a little easier at night. There is a good, slightly technical article about the ongoing threat here: https://arstechnica.com/gadgets/2021/03/tens-of-thousands-of-us-organizations-hit-in-ongoing-microsoft-exchange-hack/

Who is at risk

  • If you are completely migrated to Office 365 (or Gmail/Google too!), you are 100% OK, as it is not affected.

  • However, many firms migrate to 365 and then end up with their old Exchange servers still running or in a “hybrid” mode. In this situation, you are at the same risk as anyone running a mail server in-house.

  • If you are using “hosted Exchange,” “private cloud” (Intermedia, for example, is a very popular provider of this), or any other setup where an Exchange server is running somewhere else or on someone else’s cloud, you are at risk.

If I am at risk, what should I do?

  • Microsoft released a fix on Tue 3/2. This should have been installed immediately (i.e. Tuesday) or, if not, ASAP. If you have not had communication from your IT team or vendor, reach out to confirm. We are getting a number of calls from companies that have not applied the security patches yet due to a lack of awareness or understanding.

  • Once the patch is installed, there are multiple ways to check whether you were breached. If you’re at a big law firm, you should have a real security team that is already addressing this. For small and midsize firms with IT teams: this is a deep threat, and investigating the breach requires true security expertise. This is a situation where the same people fixing your printing issues should not be signing off on a clean bill of health. Fortunately, there are a lot of good free tools out there to do a preliminary investigation. Microsoft released their own scan tool here: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log

    • If you are not confident in your security, contact us today and we should be able to quickly assist.

Dustin Bolander