ZERO-DAY VULNERABILITIES

Microsoft Exchange Servers Under Attack

On March 2, the world learned about four critical zero-day Microsoft Exchange Server vulnerabilities. These vulnerabilities let adversaries access Microsoft Exchange Servers and potentially gain long-term access to victims’ environments. Multiple threat actors are currently exploiting these zero-day vulnerabilities in the wild.


Steps to mitigate Exchange Server vulnerabilities

For detailed instructions on each of these steps, see our Unit 42 blog, “Remediation Steps for the Microsoft Exchange Server Vulnerabilities.”


UNIT 42

Elite Incident Responders

Rapid Response Security Assessment

What we do

The Unit 42 team offers world-class incident response, risk management and digital forensics services. Our unparalleled experience and expertise allows you to quickly recover from attacks and permanently eliminate adversaries from your organization. From rogue insiders to nation-state threats, Unit 42 is known for being a trusted security advisor in data breach response investigations.

Everything we do, from deployment to analysis and delivery of findings, is built for speed. We activate our incident response teams within minutes, integrating the specialized skill sets needed – from forensic consultants to malware analysts and team leaders. We move quickly to contain, investigate and coordinate our response.

Rapid Response Security Assessment-2

How we do it

We deliver solutions on time, on budget and designed for maximum impact. Our team’s experience spans security monitoring within the intelligence community and advising at the national security level to performing high-profile data breach investigations and leading remediation efforts.

Unit 42 consultants can help you:

  • Secure unpatched Microsoft Exchange Servers
  • Perform a thorough investigation to identify unauthorized activity
  • Contain active attacks and ensure threat actors do not return
  • Provide ongoing monitoring and proactive cyber risk services to prevent future attacks

Nikesh-Arora
Nikesh-AroraCEO and Chairman
quote

Use the lessons of these attacks to prepare your infrastructure for the next one. The tools are there now. Deploy them.

Nikesh-AroraCEO and Chairman
BLOG

Hunting for Recent Attacks Targeting Microsoft Exchange

Leveraging existing alerts in Cortex XDR, it is possible to hunt for and rapidly identify key elements of the recent Microsoft Exchange Attack currently being observed in the wild.

BLOG

Threat Assessment: Microsoft Exchange Server Vulnerabilities

Unit 42 researchers assess the threat of four zero-day vulnerabilities in Microsoft Exchange Server and suggest courses of action for mitigation.

BLOG

Analyzing Microsoft Exchange Attacks Using China Chopper Webshells

Providing insight into attackers’ methodology, the Unit 42 research team analyzed incidental artifacts of China Chopper webshell attacks against Microsoft Exchange Server.