Client Alert: Mitigate On-Premises Microsoft Exchange Server Vulnerabilities

Sera-Brynn’s Digital Forensics and Incident Response (DFIR) Team is available to support those who require assistance managing and recovering from any active exploitation of vulnerable Microsoft Exchange Servers.

“At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations,” reports KrebsOnSecurity.

The Microsoft Security Response Center has issued information on the targeted attacks. Microsoft strongly recommends applying the patches immediately to any on-premises Exchange deployments. The first priority is servers that are accessible from the Internet. Microsoft has also released a PowerShell script that can be used to check whether a Microsoft Exchange server has been compromised through certain vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) Alert (updated March 6, 2021) provides further information, including steps to take in the event there is evidence of compromise. “Should your organization see evidence of compromise, your incident response should begin with conducting forensic analysis to collect artifacts and perform triage.”

If Forensic Analysis Is Needed

If you have a server that is compromised, you may need specialized incident response support. Sera-Brynn’s Digital Forensics and Incident Response (DFIR) Team is available to current and new clients. For more information, contact us via our website at