Your On-Site Outlook is Compromised!

If you are running Microsoft Exchange with Outlook Web Access (OWA) on-site there is a high likelihood the above statement is true.

Hack Details:

Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange, on March 2, 2021.

However, security experts have seen dozens of systems that were compromised as early as February 28, 2021 (before Microsoft released their patches) and continue up to today.

Actually, if you are running an OWA server exposed to the internet, you should assume you have been compromised between 02/26-03/03, and you are now in incident response mode until proven otherwise. If you have not applied the patches from Microsoft, you should get those applied immediately.

Microsoft Patches:

However, applying the patches will not help if you are already compromised. Microsoft has released code you can use to check your systems that you can find in this blog.

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

How IP Pathways’ Can Help:

If you need help applying the patches or determining whether your systems are compromised, IP Pathways can help. If you haven’t done so already, we urge you to take action immediately!

You can reach IP Pathways by calling 877-363-3895, ext. 2 or by email at support@ippathways.com.