
Microsoft Exchange 0-day attacks | |||
DESCRIPTION | |||
A new set of zero-day vulnerabilities have been identified for Microsoft Exchange customers. | |||
IDENTIFY INDICATORS OF COMPROMISE (IOC) | |||
| |||
CONTAINMENT (REQUIRED) | |||
| |||
REMEDIATION | |||
After all threat actor-controlled accounts and identified persistence mechanisms have been identified and removed:
| If you would like to speak with HALOCK concerning this zero-day vulnerability, need assistance with analysis, or would like to further protect you web applications, please reach out to your HALOCK account manager or chat with us online at www.halock.com to schedule a call with one of our security experts. |

HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.
References
- https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
- https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
- https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
- https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
- https://github.com/microsoft/CSS-Exchange/tree/main/Security
- https://us-cert.cisa.gov/ncas/current-activity/2021/03/03/cisa-issues-emergency-directive-and-alert-microsoft-exchange
- https://cyber.dhs.gov/ed/21-02/