{"id":2839,"date":"2021-03-09T12:06:34","date_gmt":"2021-03-09T12:06:34","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=2839"},"modified":"2021-03-09T12:06:34","modified_gmt":"2021-03-09T12:06:34","slug":"how-to-protect-your-customers-from-hafnium","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2021\/03\/resources\/how-to-protect-your-customers-from-hafnium\/","title":{"rendered":"How to Protect Your Customers from HAFNIUM"},"content":{"rendered":"

On March 2nd 2021, zero-day vulnerabilities affecting Microsoft Exchange were publicly disclosed. These vulnerabilities are being actively exploited in the wild by HAFNIUM, a threat actor believed to be a nation state. According to an alert from the CISA<\/a>:<\/p>\n

\u201cMicrosoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities\u2014CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065\u2014to take control of an affected system and can exploit one vulnerability\u2014CVE-2021-26855\u2014to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild<\/i><\/strong>.<\/em>\u201d<\/p>\n

CISA issued an emergency directive<\/a> urging organizations to patch on-premises Exchange Servers while performing associated security scans to see if attackers are in the systems.<\/p>\n

\u00a0<\/strong><\/p>\n

What should Sophos customers do?<\/strong><\/h2>\n

The Sophos MTR team has published\u00a0<\/strong>a step-by-step guide<\/strong><\/a>\u00a0on how to search a customer\u2019s network for signs of compromise.<\/strong><\/p>\n

The good news is that Sophos MTR, network, and endpoint customers have multiple protections against the exploitation of the new vulnerabilities.<\/p>\n

A Sophos News article<\/a> has been published which reviews many of these protections:<\/p>\n