Microsoft has released an updated script designed to scan Exchange log files for indicators of compromise (IOCs) associated with the zero-day vulnerabilities the vendor disclosed last week.

On 2 March, Microsoft released security updates for Exchange Server to protect users against vulnerabilities in on-premises versions of the software, with the China-based state-sponsored actor Hafnium flagged as the primary group behind exploits targeting the flaws.

The vulnerabilities -- CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 -- affect Microsoft Exchange Server 2013, 2016 and 2019, and are part of an attack chain initiated with the ability to make an untrusted connection to Exchange Server port 443.

By 4 March, Microsoft said that its Exchange Server team had released a script for checking Hafnium indicators of compromise (IOCs). The script was published on GitHub.

On 5 March, Microsoft said it continued to see increased use of the vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond Hafnium, with the company releasing additional resources, including new mitigation guidance.

The United States Cybersecurity and Infrastructure Security Agency (CISA) said on 6 March that it, too, was aware of widespread domestic and international exploitation of the vulnerabilities and strongly recommended that organisations run the Microsoft script as soon as possible to help determine whether their systems were compromised.

In a blog post published by the Microsoft Security Response Center on 6 March, the company detailed alternative mitigation techniques for customers that were unable to apply updates quickly and needed more time to patch their deployments, or that were willing to make risk and service function trade-offs.
"These mitigations are not a remediation if your Exchange servers have already been compromised, nor are they full protection against attack," the company said, noting that it strongly recommended investigating Exchange deployments using its hunting recommendations published in a separate post. The moves by Microsoft to help Exchange Server users mitigate the worst of the dangers presented by the vulnerabilities came as media outlet Reuters reported that more than 20,000 organisations in the US alone had been compromised through a back door installed via the recently patched flaws, according to sources. Related content news Dubber CEO dismissed, undergoes $24M capital raising Appoints executive director Peter Pawlowitsch to acting CEO and David Coventry as deputy CEO. By Sasha Karen 11 Apr 2024 2 mins Business Operations Careers Software Development news Simon McKay becomes CEO of Intalock and InfoTrust He will be responsible for leading the two MSSP brands in the Australian market. By Julia Talevski 11 Apr 2024 2 mins Careers Security news Logicalis boosts vendor play with new hire, program revamp Promotes Giselle Loschiavo to national vendor program manager. By Sasha Karen 11 Apr 2024 2 mins Managed Service Providers Careers Vendors and Providers news Nextgen bags Sumo Logic distributorship Deal delivers access to resources, recruitment, onboarding and training support. By Rob O'Neill 11 Apr 2024 2 mins Business Operations Vendors and Providers SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe