On 2 March 2021, multiple zero-day vulnerabilities in on-premises Microsoft Exchange were discovered and Microsoft released four high-priority emergency patches. The zero-day vulnerability, which was abused by a hacker group named Hafnium, was very easy to exploit, and the source code was published. While many companies started patching right away, several others did not respond immediately to this high-priority issue and patched on the 4th of March or even after the weekend.
The biggest problem was that other hacker groups started to use the exploit as well. On the 3rd of March a huge number of unpatched Exchange servers were compromised, and even after the vulnerability was patched, servers kept being compromised. This made it hard to figure out why some servers kept being compromised while others had no issues at all after being patched. But fortunately we found the solution.
Do you want to know the root cause of this very sophisticated attack, and the solution that stops this abusive behaviour and the re-infection of the server? Please download our security solutions brief.