If you have run the HAFNIUM detection commands or a script (we suggest the script, as it gives a more comprehensive view of IOCs) and have seen entries similar to the following:
"DATETIME","ServerInfo~a]@SERVERNAME.company.com:444/autodiscover/autodiscover.xml?#"
This is an indication of 'probing' the server for this vulnerability, not an indication of actual compromise. To confirm whether the server has actually been compromised, you will have to correlate this with activity in other server logs and look for evidence of files that might have been left on the server. The above by itself does not indicate that a compromise has happened, but it does indicate that someone was looking to.
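One way to triage such output, as an added example that is not part of the original post or of the detection script: it parses the two-column format shown above, pulls the targeted host, port and path out of each `ServerInfo~` value, and produces a time window to search in other server logs. The sample rows, the `EXCH01` host name, the `/example/other-path` placeholder, the ISO 8601 timestamp format and the 10-minute window are assumptions.

```python
import csv, io, re
from datetime import datetime, timedelta

# Constructed sample in the two-column shape shown above; not real log data.
# Host name, timestamps and the second path are placeholders.
SAMPLE = '''"2021-03-03T04:11:52Z","ServerInfo~a]@EXCH01.company.com:444/autodiscover/autodiscover.xml?#"
"2021-03-03T04:12:10Z","ServerInfo~a]@EXCH01.company.com:444/example/other-path?#"
"2021-03-04T09:00:01Z","user@company.com"
'''

# ServerInfo~<prefix>@<host>[:port]<path>, where the path ends at the first ? or #
ANCHOR = re.compile(r"^ServerInfo~[^@]*@(?P<host>[^:/]+)(?::(?P<port>\d+))?(?P<path>/[^?#]*)")
PROBE_PATH = "/autodiscover/autodiscover.xml"

def triage(text, minutes=10):
    """Return one dict per ServerInfo~ entry, with a time window for log correlation."""
    hits = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) < 2:
            continue
        m = ANCHOR.match(rec[1])
        if not m:
            continue  # ordinary anchor mailbox value, not the pattern discussed here
        # Assumption: timestamps are ISO 8601 UTC with a trailing Z.
        when = datetime.fromisoformat(rec[0].replace("Z", "+00:00"))
        pad = timedelta(minutes=minutes)
        hits.append({
            "time": when,
            "host": m["host"],
            "port": m["port"],
            "path": m["path"],
            # True when the entry has the same target as the example on this page
            "probe_like": m["path"].lower() == PROBE_PATH,
            "correlate_from": when - pad,
            "correlate_to": when + pad,
        })
    return hits

if __name__ == "__main__":
    for h in triage(SAMPLE):
        label = "probe pattern from this page" if h["probe_like"] else "other target, review"
        print(f'{h["time"].isoformat()} {h["host"]}:{h["port"]} {h["path"]} [{label}] '
              f'check other logs {h["correlate_from"].isoformat()} to {h["correlate_to"].isoformat()}')
```

Neither label is a verdict on compromise; every hit still has to be correlated with the other server logs and a search for files left on the server.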