On March 2, the world learned about four critical zero-day Microsoft Exchange Server vulnerabilities. These vulnerabilities let adversaries access Microsoft Exchange Servers and potentially gain long-term access to victims’ environments. Multiple threat actors are currently exploiting these zero-day vulnerabilities in the wild.
For detailed instructions on each of these steps, see our Unit 42 blog, “Remediation Steps for the Microsoft Exchange Server Vulnerabilities.”
What we do
The Unit 42 team offers world-class incident response, risk management and digital forensics services. Our unparalleled experience and expertise allow you to quickly recover from attacks and permanently eliminate adversaries from your organization. From rogue insiders to nation-state threats, Unit 42 is known for being a trusted security advisor in data breach response investigations.
Everything we do, from deployment to analysis and delivery of findings, is built for speed. We activate our incident response teams within minutes, integrating the specialized skill sets needed – from forensic consultants to malware analysts and team leaders. We move quickly to contain, investigate and coordinate our response.
How we do it
We deliver solutions on time, on budget and designed for maximum impact. Our team’s experience ranges from security monitoring within the intelligence community and advising at the national security level to performing high-profile data breach investigations and leading remediation efforts.
Unit 42 consultants can help you:
Existing alerts in Cortex XDR can be used to hunt for and rapidly identify key elements of the recent Microsoft Exchange attack currently being observed in the wild.
Unit 42 researchers assess the threat of four zero-day vulnerabilities in Microsoft Exchange Server and suggest courses of action for mitigation.
Providing insight into attackers’ methodology, the Unit 42 research team analyzed incidental artifacts of China Chopper webshell attacks against Microsoft Exchange Server.