0-Day Exploit - Exchange - HAFNIUM

Last updated: March 7, 2021 23:00 ET

If you're reading this article, you are probably aware that there's a 0-day Microsoft Exchange Server exploit that was uncovered. We are regularly updating this support article with details as we learn more. The article also includes information about what to expect from Huntress.

Related Technical articles:

What is Huntress Doing? 

  • We are contacting partners that have Exchange Servers we believe to be unpatched. The check is performed by the Huntress agent--we are not checking hosts externally.
  • We are actively looking for the presence of web shells on hosts with affected versions of Exchange installed. We will send reports for any web shells we identify. 
    • Please note that web shell detection and reporting differ from our foothold detection. As such, the reports for web shells do not automatically close. If you have remediated the web shell, feel free to reach out to Support by clicking here or emailing support@huntress.io and we will manually close the incident report.

  • We've started a Reddit thread and a blog post with all the information we have gathered.

Patch Status

At this time, Support is unable to verify the patch status of individual servers. Please review our blog or Reddit post to assist you with this.

What do I need to do?

  • Read over Microsoft's security post here: HAFNIUM targeting Exchange Servers with 0-day exploits.
  • Read over our Reddit thread and Huntress blog, which give our details on what to look for--we will continue updating them as we have more information.
  • Make sure you have the latest Exchange Server updates. For Exchange 2013, 2016, and 2019, refer to KB5000871; for Exchange 2010, refer to KB5000978.

Affiliated CVEs