Early last week Microsoft took the unusual step of not only
announcing a vulnerability in their Exchange server software, but stating that it has been actively exploited by a nation state. Microsoft attributes the campaign to HAFNIUM, a group they have assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
The US White House press secretary followed this by
declaring it an "active threat". And on Saturday, the US National Security Council said it was "essential that any organisation with a vulnerable server take immediate measures" to determine if they had been targeted.
At 4Cambridge we have taken this threat seriously. Not only does the vulnerability potentially expose client data, but also allows compromised servers to be used to carry out further attacks.
Many of our clients are using Exchange Online (part of Microsoft 365) for their email hosting, and Microsoft has confirmed that this is not affected by the vulnerability. However we still have some clients using on-premise Exchange servers for their email who could be vulnerable.
4Cambridge have now completed checks on all of our clients with on-premise servers, and have carried out the installation of the relevant security patches that Microsoft released last week.