Application security, Patch/Configuration Management, Vulnerability Management

Microsoft releases Hafnium patch for defunct edition of Exchange

Microsoft released a ‘lite’ slate of updates for Patch Tuesday (Microsoft)

Following widespread hacking from the Hafnium group and, perhaps, other groups, Microsoft is now offering the same patch for the no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions.

Issuing a patch for products that are no longer supported is not common for any vendor. But the four vulnerabilities first used in the wild by Hafnium have reportedly been used to hack tens of thousands of servers.

Patches for Exchange Servers 2010, 2013, 2016 and 2019 can be downloaded here.

Microsoft attributes Hafnium to a state-sponsored Chinese group. But security vendors have identified several clusters of activity using the vulnerabilities that do not neatly match the Hafnium tactics, techniques, and procedures. That may mean other groups are in play.

Microsoft has been adamant about the importance to apply these patches as quickly as possible. Experts warn that many of the organizations being breached would not be traditional targets of a covert nation-state campaign, possibly due to identifying targets through an internet scan, and that everyone needs to patch. They also warn that patching is not enough to stop an attack in progress and that it is important to look for malware that has already been installed even as defenders cut off access for new malware to be installed.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.