Join us for Tradecraft Tuesday on March 9 at 1pm ET where the Huntress team will uncover some major developments surrounding the Microsoft Exchange Server exploit—including newly discovered webshells and post-exploitation details.
We strongly encourage you to join us or sign up for the recording as we'll be going over:
- Screenshots of newly discovered webshells
- How the exploits bypassed most preventive security products
- How the threat actors maintained persistence by hiding in Windows services
- What the hackers dropped during the post-exploitation stage and what it means for future victims
On March 2, Microsoft disclosed multiple zero-day exploits being used to attack on-premise versions of Microsoft Exchange Server.
If you are running on-prem Microsoft Exchange,it’s critical that you immediately identify and patch potentially at-risk systems.
Huntress is actively monitoring and sending incident reports for any impacted endpoints discovered, including providing assisted remediation support to remove any webshells deployed as part of this attack.
This does not replace patching;to prevent re-exploitation, it is critical that you also patch vulnerable servers immediately.
As an additional step, we strongly encourage you to verify your own managed environments for potential vulnerabilities and indicators of compromise.