HAFNIUM Exchange Server 0-Day Exploits

Published: 03 March 2021
on channel: Matt Soseman

**Please read the documentation in the links below for more information on remediation.** Let's talk about the Exchange Server 0-day exploits announced on March 2, 2021. I'll cover what the threat is, the vulnerabilities, patching, and using Microsoft Defender for Endpoint and Azure Sentinel for detection and remediation.

Table of Contents:
00:00:00 Intro
00:00:30 Overview
00:02:30 Who?
00:03:30 Technical Details
00:05:26 Attack Details
00:09:00 Detection and Mitigation

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus https://www.microsoft.com/security/bl...
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities https://msrc-blog.microsoft.com/2021/...
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 https://msrc-blog.microsoft.com/2021/...

Ghost in the shell: Investigating web shell attacks
https://www.microsoft.com/security/bl...
HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security - https://lnkd.in/gcRFAMB
New nation-state cyberattacks - https://lnkd.in/gvckFkY
*new* blog with IOCs and patching guidance https://techcommunity.microsoft.com/t...
HAFNIUM targeting Exchange Servers with 0-day exploits https://www.microsoft.com/security/bl...
Released: March 2021 Exchange Server Security Updates https://techcommunity.microsoft.com/t...
Exchange Server Security Update FAQ https://webcastdiag864.blob.core.wind...
More FAQ on Issues w/ Update https://docs.microsoft.com/en-us/exch...
Defending Exchange servers under attack https://www.microsoft.com/security/bl...
Web shell attacks continue to rise https://www.microsoft.com/security/bl...
ProcDump: https://docs.microsoft.com/en-us/sysi...
LSASS: https://en.wikipedia.org/wiki/Local_S...
Dept of Homeland Security Directive: https://cyber.dhs.gov/ed/21-02/
Reverse shell loaded using Nishang Invoke-PowerShellTcpOneLine technique https://github.com/microsoft/Microsof...
Procdump dumping LSASS credentials https://github.com/microsoft/Microsof...
7-ZIP used by attackers to prepare data for exfiltration https://github.com/microsoft/Microsof...
Exchange PowerShell snap-in being loaded https://github.com/microsoft/Microsof...
Powercat exploitation tool downloaded https://github.com/microsoft/Microsof...
Exchange vulnerability launching subprocesses through UMWorkerProcess https://github.com/microsoft/Microsof...
Exchange vulnerability creating web shells via UMWorkerProcess https://github.com/martyav/Microsoft-...

Note: The views and expressions on my videos do not represent those of my employer and are strictly my own.

All content provided on this channel is for informational purposes only. The owner of this channel makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this channel.

The owner of this channel will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

These terms and conditions are subject to change at any time with or without notice.
